
7316 matches found

CNNVD
added 2026/02/25 12:0 a.m., 7 views

WordPress plugin Responsive Lightbox & Gallery code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5 | AI score 5.9 | EPSS 0.00234
Exploits 0 | References 5
Positive Technologies
added 2026/02/25 12:0 a.m., 8 views

PT-2026-21890

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.1. This is due to the use of strpos for substring-based hostname validation instead of strict host comparison in the ajax upload image function. This makes...

CVSS 5 | AI score 5.5 | EPSS 0.00234
Exploits 0 | References 6
CNNVD
added 2026/02/25 12:0 a.m., 9 views

Plane code issue vulnerability

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contain a code vulnerability. It stems from a flaw in the link addition function, which allows a full-read server-side request forgery...

CVSS 7.7 | AI score 6 | EPSS 0.00213
Exploits 0 | References 2
CNNVD
added 2026/02/25 12:0 a.m., 9 views

Sz-Admin code issue vulnerability

Sz-Admin is a mid-backend management system developed by INS6+ individual developers. Sz-Admin 1.3.2-beta and earlier contain a code vulnerability. It stems from incorrect handling of parameters in the files/download file and API, particularly the url...

CVSS 3.1 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 8
CNNVD
added 2026/02/25 12:0 a.m., 6 views

esm.sh code issue vulnerability

esm.sh is an open-source content delivery network developed by esm.sh. esm.sh version 136 contains a code vulnerability that stems from a full server-side request forgery flaw, which may lead to the retrieval of information from internal websites...

CVSS 8.7 | AI score 5.8 | EPSS 0.00381
Exploits 1 | References 6
Positive Technologies
added 2026/02/25 12:0 a.m., 7 views

PT-2026-21936

Affected software and versions: esm.sh versions up to and including 137. Description: esm.sh is a content delivery network (CDN) for web development. A server-side request forgery (SSRF) issue (CWE-918) exists in the /https fetch route. The service attempts to prevent requests to...

CVSS 9.9 | AI score 7.1 | EPSS 0.22162
Exploits 68 | References 141
Positive Technologies
added 2026/02/25 12:0 a.m., 7 views

PT-2026-22057

Affected software and versions: Mailpit versions prior to 1.29.2. Description: Mailpit is an email testing tool and API for developers. A server-side request forgery (SSRF) issue exists in the Link Check API. This allows unauthenticated remote attackers to map internal networks...

CVSS 9.9 | AI score 7.1 | EPSS 0.22162
Exploits 68 | References 138
Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-21933

Affected software and versions: esm.sh versions prior to 137. Description: esm.sh is susceptible to a full-response server-side request forgery (SSRF) issue. This allows an attacker to retrieve information from internal websites. The issue resides in the routing logic,...

CVSS 9.9 | AI score 5.4 | EPSS 0.27661
Exploits 44 | References 122
Patchstack
added 2026/02/24 11:14 p.m., 6 views

WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability

Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in the WordPress plugin Responsive Lightbox, versions <= 2.7.1...

CVSS 5 | AI score 5.4 | EPSS 0.00234
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/02/24 10:42 p.m., 16 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVSS 7.5 | AI score 5.2 | EPSS 0.00351
Exploits 1 | References 1
Github Security Blog
added 2026/02/24 8:10 p.m., 9 views

Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads

Impact A Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. Users are affected ...

CVSS 6.5 | AI score 5.6 | EPSS 0.00288
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2026/02/24 3:51 p.m., 11 views

Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

The SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection...

CVSS 7.1 | AI score 6.1 | EPSS 0.00421
Exploits 1 | References 5 | Affected Software 1
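The three validation mistakes named in the entries above (the substring hostname check in Responsive Lightbox, the IPv4-only resolution in Craft CMS, and the unrevalidated redirects in Payload) share one root cause: the check does not look at what the HTTP client will actually connect to. The following is an added example, not code from any of the listed projects, and Python rather than the projects' own PHP or TypeScript; it emulates PHP's gethostbyname() fallback behaviour with a constructed DNS table and a constructed response map so that it runs offline. All hostnames, addresses and URLs are made up for the demonstration.

```python
"""SSRF target validation: the naive check beside the hardened check for each pitfall."""
import ipaddress
from urllib.parse import urlparse

# Constructed DNS table (no network). The attacker-controlled names exist only
# for this example; "meta.attacker.example" has an AAAA record only, and that
# record is an IPv4-mapped address for the cloud metadata service.
DNS_TABLE = {
    "cdn.example.com": {"A": ["203.0.113.10"]},
    "cdn.example.com.attacker.example": {"A": ["198.51.100.7"]},
    "meta.attacker.example": {"AAAA": ["::ffff:169.254.169.254"]},
    "internal.attacker.example": {"AAAA": ["fd00::1"]},
}
ALLOWED_HOST = "cdn.example.com"

def php_style_gethostbyname(host):
    """Mimics PHP gethostbyname(): first A record, or the unchanged hostname
    string when the name has no A record (AAAA-only or nonexistent)."""
    return DNS_TABLE.get(host, {}).get("A", [host])[0]

def resolve_all(host):
    """Resolve both A and AAAA records, getaddrinfo-style; IP literals pass through."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        recs = DNS_TABLE.get(host, {})
        return recs.get("A", []) + recs.get("AAAA", [])

# --- pitfall 1: substring match on the whole URL (strpos) vs strict host compare
def naive_host_check(url):
    return ALLOWED_HOST in url  # equivalent to strpos($url, $host) !== false

def strict_host_check(url):
    p = urlparse(url)
    return p.scheme in ("http", "https") and p.hostname == ALLOWED_HOST

# --- pitfall 2: blocklist fed by IPv4-only resolution
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def ip_is_blocked(addr_str):
    try:
        addr = ipaddress.ip_address(addr_str)
    except ValueError:
        return False  # not an IP at all: the PHP fallback hostname lands here
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    return any(addr in net for net in BLOCKED_NETS)

def naive_ip_check(host):
    """Blocklist applied to gethostbyname() output: AAAA-only names slip through."""
    return not ip_is_blocked(php_style_gethostbyname(host))

def strict_ip_check(host):
    """Every resolved address, v4 and v6, must be outside the blocklist."""
    addrs = resolve_all(host)
    return bool(addrs) and not any(ip_is_blocked(a) for a in addrs)

def url_is_safe(url):
    p = urlparse(url)
    return p.scheme in ("http", "https") and p.hostname is not None \
        and strict_ip_check(p.hostname)

# --- pitfall 3: validating only the first URL, not each redirect hop
# Constructed responses: url -> (status, Location for redirects / body otherwise).
FAKE_HTTP = {
    "https://cdn.example.com/img.png": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://169.254.169.254/latest/meta-data/": (200, "ami-id\ninstance-id\n"),
}

def fetch(url, validate_each_hop, max_hops=5):
    """Follow redirects against FAKE_HTTP; returns (final_url, body) or raises."""
    for _ in range(max_hops):
        if validate_each_hop and not url_is_safe(url):
            raise ValueError(f"blocked: {url}")
        status, payload = FAKE_HTTP[url]
        if status in (301, 302, 303, 307, 308):
            url = payload
            continue
        return url, payload
    raise ValueError("too many redirects")

def naive_fetch(url):
    if not url_is_safe(url):  # checks the user-supplied URL only
        raise ValueError(f"blocked: {url}")
    return fetch(url, validate_each_hop=False)

def hardened_fetch(url):
    return fetch(url, validate_each_hop=True)

if __name__ == "__main__":
    print(naive_host_check("http://cdn.example.com.attacker.example/x"), strict_host_check("http://cdn.example.com.attacker.example/x"))
    print(naive_ip_check("meta.attacker.example"), strict_ip_check("meta.attacker.example"))
    print(naive_fetch("https://cdn.example.com/img.png")[0])
```

Even the hardened path above still resolves the name once for the check and would let a real HTTP client resolve it again for the connection, so a rebinding DNS answer can defeat it; in production the resolved address has to be pinned (connect to the checked IP and send the original Host header) rather than rechecked.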
NVD
added 2026/02/24 3:21 p.m., 7 views

CVE-2026-27732

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 | EPSS 0.00235
Exploits 0 | References 3
CVE
added 2026/02/24 2:56 p.m., 29 views

CVE-2026-27732

WWBN AVideo contains an SSRF vulnerability in the aVideoEncoder.json.php endpoint prior to version 22.0. The endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list, enabling authenticated users to trigger requests to arb...

CVSS 8.6 | AI score 5.7 | EPSS 0.00235
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/02/24 2:56 p.m., 3 views

CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 5
CVE
added 2026/02/24 2:22 p.m., 23 views

CVE-2026-27567

Payload CMS (free, open source headless) prior to v3.75.0 contains an SSRF in external file URL uploads. When processing external URLs, insufficient validation of HTTP redirects can allow an authenticated user with upload permissions (needs a collection with upload enabled and create access) to c...

CVSS 6.5 | AI score 5.5 | EPSS 0.00288
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/02/24 2:22 p.m., 7 views

CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVSS 6.5 | AI score 5.6 | EPSS 0.00288
Exploits 0 | References 5
Snyk
added 2026/02/24 6:19 a.m., 5 views

Server-side Request Forgery (SSRF)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the gethostbyname function used during GraphQL Asset mutation processing. An attacker can access internal cloud metadata endpoints by supplying hostnames...

CVSS 7.1 | AI score 5.5 | EPSS 0.00427
Exploits 2 | References 2
OSV
added 2026/02/24 2:16 a.m., 3 views

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVSS 7.7 | AI score 5.4
Exploits 0 | References 5
NVD
added 2026/02/24 2:16 a.m., 9 views

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVSS 7.7 | EPSS 0.00298
Exploits 1 | References 5