CVE-2026-25385

Summary (CVE-2026-25385): A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress plugin URL Shortify (KaizenCoders) for versions from the initial release up to and including 1.12.3. Public sources in the Connected documents corroborate the SSRF issue and indicate the vulnerabi...

CVE-2026-25310

Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...

CVE-2026-2711

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVE-2025-12375

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2026-2711

CVE-2026-2711 affects zhutoutoutousan/worldquant-miner

CVE-2026-2711 zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVE-2026-2711 zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVE-2025-12375

CVE-2025-12375 refers to a Server-Side Request Forgery in the Printful Integration for WooCommerce plugin for WordPress. The vulnerability exists in all versions up to and including 2.2.11 and is triggered via the advanced size chart REST API endpoint, due to insufficient validation of user-suppl...

CVE-2025-12375 Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2025-12375 Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

SoftVision webPDF 安全漏洞

SoftVision webPDF is a PDF service platform provided by the German company SoftVision. Versions of SoftVision webPDF prior to 10.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the PDF converter’s failure to check for resource requests in uploaded files, which could lea...

WordPress plugin Smart Auto Upload Images 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20745

Server-Side Request Forgery SSRF vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through = 2.5.5...

PT-2026-20836

Name of the Vulnerable Software and Affected Versions SoftVision webPDF versions prior to 10.0.2 Description The software contains a Server-Side Request Forgery SSRF issue. The PDF converter function does not validate requested resources in uploaded files, permitting protocols like http:// and...

WordPress plugin Printful Integration for WooCommerce 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-20581

Name of the Vulnerable Software and Affected Versions Printful Integration for WooCommerce versions up to and including 2.2.11 Description The Printful Integration for WooCommerce plugin for WordPress is susceptible to Server-Side Request Forgery via the advanced size chart REST API endpoint...

Indico 代码问题漏洞

Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.10 had code-related vulnerabilities. These vulnerabilities stemmed from improper handling of URLs provided by users, which could lead to server-side request forgery attacks...

WorldQuant Alpha Generator 代码问题漏洞

WorldQuant Alpha Generator is a mining software developed by zhutoutoutousan. Versions of WorldQuant Alpha Generator 1.0.9 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter makerequest in the file...

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.16.0 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the asset download endpoint, which could allow authenticated users to make...