Lucene search
K

7476 matches found

EUVD
EUVD
added 2026/06/26 3:32 p.m.5 views

EUVD-2026-39779

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57627

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56026

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57627

CVE-2026-57627 describes a Server-Side Request Forgery (SSRF) in the WordPress Kirki plugin, versions

4.9CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.29 views

CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.4 views

EUVD-2026-39689

Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.7 views

CVE-2026-56026

The WordPress utm.codes plugin (versions

6.4CVSS5.8AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:44 p.m.13 views

CVE-2026-4339

Mattermost CPT: CVE-2026-4339 affects Mattermost versions 10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6. The vulnerability arises from the Agents plugin MCP server failing to validate attachment URLs against internal/private IP ranges, enabling an attacker with MCP stdio ac...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/26 2:17 p.m.9 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:8 p.m.5 views

CVE-2026-57940

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function getfeed in system/admin/admin.php passes user-supplied $feedurl directly to filegetcontents without any validation. An authenticated attacker with administrative privileges can...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 1:8 p.m.12 views

CVE-2026-57940

CVE-2026-57940 affects HTMLy 3.1.1 and describes an SSRF in the RSS feed import. The vulnerable code path is get_feed() in system/admin/admin.php, which passes user-supplied feed_url directly to file_get_contents() without validation. An authenticated admin can exploit this by supplying a crafted...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.5 views

WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...

4.9CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2026/06/26 9:30 a.m.7 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:26 a.m.37 views

CVE-2026-2053 Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

8.3CVSS0.00222EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.5 views

FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...

8.7CVSS5.7AI score0.00328EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2627-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2627-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.9AI score0.00394EPSS
Exploits4References13
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

SUSE SLES16 Security Update : python-PyJWT (SUSE-SU-2026:22170-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22170-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References16
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2626-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2626-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

7.4CVSS5.8AI score0.00394EPSS
Exploits4References16
CVE
CVE
added 2026/06/25 11:23 p.m.15 views

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

6.4CVSS6AI score0.00164EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 10:58 p.m.6 views

CVE-2026-50221

A flaw was found in OpenStack Swift's proxy-server. Internal container update routing headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device are not stripped from client requests before being forwarded to object-servers. An authenticated user with write access can inje...

6.4CVSS5.9AI score0.00146EPSS
Exploits1References6
Rows per page
Query Builder