7309 matches found

Vulnrichment
added 2026/02/16 3:2 a.m. | 6 views

CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

CVSS 6.5 | AI score 5.2 | EPSS 0.00246
Exploits 0 | References 8

Cvelist
added 2026/02/16 3:2 a.m. | 29 views

CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

CVSS 6.5 | EPSS 0.00246
Exploits 0 | References 8

ATTACKERKB
added 2026/02/16 3:2 a.m. | 2 views

CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

CVSS 6.5 | AI score 5.1 | EPSS 0.00246
Exploits 0 | References 9 | Affected Software 1

CVE
added 2026/02/16 2:32 a.m. | 35 views

CVE-2026-2531

CVE-2026-2531 affects MindsDB up to version 25.14.1, targeting the clear_filename function in mindsdb/utilities/security.py (File Upload). The vulnerability enables server-side request forgery (SSRF) from remote attackers. Public disclosure and exploits exist. The patch referenced is 74d6f0fd4b63...

CVSS 7.3 | AI score 5.8 | EPSS 0.00226
Exploits 1 | References 7 | Affected Software 1

Cvelist
added 2026/02/16 2:32 a.m. | 35 views

CVE-2026-2531 MindsDB File Upload security.py clear_filename server-side request forgery

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

CVSS 6.5 | EPSS 0.00226
Exploits 1 | References 7

CNNVD
added 2026/02/16 12:0 a.m. | 5 views

DeepAudit code issue vulnerability

DeepAudit is an automated vulnerability auditing tool developed by lintsinghua’s individual developers. Versions of DeepAudit 3.0.3 and earlier contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect operations with the component IP Address Handler’s file...

CVSS 9.8 | AI score 6.6 | EPSS 0.00246
Exploits 0 | References 8

CNNVD
added 2026/02/16 12:0 a.m. | 7 views

cskefu security vulnerability

cskefu Chunsong Customer Service is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu 8.0.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the url parameter by the Endpoint component in...

CVSS 6.5 | AI score 6.6 | EPSS 0.00313
Exploits 1 | References 4

CNNVD
added 2026/02/16 12:0 a.m. | 4 views

MindsDB security vulnerability

MindsDB is a joint query engine designed by MindsDB Corporation, specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 25.14.1 and earlier contained a security vulnerability. This vulnerability stemmed from incorrect...

CVSS 7.3 | AI score 6.6 | EPSS 0.00226
Exploits 1 | References 7

Positive Technologies
added 2026/02/16 12:0 a.m. | 9 views

PT-2026-8343

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...

CVSS 6.5 | AI score 5.2 | EPSS 0.00313
Exploits 1 | References 5

Positive Technologies
added 2026/02/16 12:0 a.m. | 10 views

PT-2026-8348

A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be use...

CVSS 6.5 | AI score 5.2 | EPSS 0.00201
Exploits 0 | References 6

CNNVD
added 2026/02/16 12:0 a.m. | 5 views

GeekAI code issue vulnerability

GeekAI is a large language model assistant developed by GeekMaser’s individual developers. Versions of GeekAI 4.2.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the url parameter in the Download function within the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00201
Exploits 0 | References 5

RedhatCVE
added 2026/02/15 1:28 p.m. | 7 views

CVE-2026-1249

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

CVSS 5 | AI score 5.7 | EPSS 0.00183
Exploits 0 | References 1

RedhatCVE
added 2026/02/15 7:10 a.m. | 5 views

CVE-2026-0745

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVSS 7.2 | AI score 5.7 | EPSS 0.00335
Exploits 0 | References 1

ATTACKERKB
added 2026/02/14 8:26 a.m. | 5 views

CVE-2026-1249

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

CVSS 5 | AI score 5.7 | EPSS 0.00183
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/02/14 8:26 a.m. | 26 views

CVE-2026-1249

The CVE-2026-1249 entry concerns the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. Affected versions 5.3–5.10 are vulnerable to Server-Side Request Forgery via load_lyrics_ajax_callback. Exploitation requires at least author-level authentication, enabling an ...

CVSS 5 | AI score 5.7 | EPSS 0.00183
Exploits 0 | References 2

Cvelist
added 2026/02/14 6:42 a.m. | 30 views

CVE-2026-0745 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVSS 5.5 | EPSS 0.00335
Exploits 0 | References 5

Vulnrichment
added 2026/02/14 6:42 a.m. | 3 views

CVE-2026-0745 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00335
Exploits 0 | References 5

RedhatCVE
added 2026/02/14 1:27 a.m. | 5 views

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...

CVSS 5 | AI score 5.6 | EPSS 0.00233
Exploits 1 | References 1

Positive Technologies
added 2026/02/14 12:0 a.m. | 5 views

PT-2026-8067

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download language' function. This makes it possible for authenticated attackers, with Administrator-level access and above,...

CVSS 7.2 | AI score 5.7 | EPSS 0.00335
Exploits 0 | References 6

Positive Technologies
added 2026/02/14 12:0 a.m. | 7 views

PT-2026-8097

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level access and above, to...

CVSS 5 | AI score 5.7 | EPSS 0.00183
Exploits 0 | References 3