7152 matches found
CVE-2026-39670 WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through = 2.3.0...
CVE-2026-39647
CVE-2026-39647 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin “MP3 Audio Player for Music, Radio & Podcast by Sonaar”, affected through version 5.11. The connected records confirm the issue is SSRF and affect the plugin with versions up to 5.11. No remediation details are ...
CVE-2026-39647 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...
CVE-2026-39645 WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through = 1.18.0...
CVE-2026-39645 WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooCommerce: from n/a through = 1.18.0...
CVE-2026-39630 WordPress Getty Images plugin <= 4.1.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through = 4.1.0...
CVE-2026-39630
CVE-2026-39630 is a Server-Side Request Forgery (SSRF) affecting the WordPress Getty Images plugin version 4.1.0 and earlier (Getty Images getty-images). The issue is called out across multiple feeds (NVD, Red Hat, ENISA) with the CVSSv3.1 base score 6.4 (Medium) and impact limited to confidentia...
CVE-2026-39521
CVE-2026-39521. A Server-Side Request Forgery (SSRF) in the WordPress Nelio Content plugin (nelio-content) affects versions up to 4.3.1. The issue is documented across multiple sources (NVD/Red Hat/ENISA/CVE list). The precise root cause is not detailed in the provided documents, but the vulnerab...
CVE-2026-39521
Server-Side Request Forgery SSRF vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through = 4.3.1...
CVE-2026-39464 WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through = 6.19.8...
H4C-WEB
H4C-WEB !/bin/bash =======================================...
Exploit for CVE-2026-27739
-CVE-2026-27739-poc curl -H "X-Forwarded-For: http://169.254...
Server-Side Request Forgery (SSRF)
github.com/charmbracelet/soft-serve is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation in webhook URLs, which allows an attacker to create malicious webhooks that target internal services, private networks, and cloud metadata endpoints...
EUVD-2026-19915
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the downloadURL parameter processing in objects/aVideoEncoder.json.php. An attacker can access internal resources and exfiltrat...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the restreamerURL parameter of the restream log callback flow. An attacker can access internal network resources and retrieve...
EUVD-2026-19881
WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services...
PT-2026-31662
Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTH TOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the...
WordPress plugin GlobalPayments WooCommerce 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-31330
Name of the Vulnerable Software and Affected Versions mirror-registry affected versions not specified Description An issue exists in mirror-registry where authenticated users can exploit the log export feature by providing a specially crafted web address URL. This allows the application's backend...