7309 matches found
WordPress MP3 Audio Player 5.3-5.10 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated Author+ Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 5.3-5.10...
Server-Side Request Forgery (SSRF)
Pydantic AI is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of URLs in the download functionality when processing untrusted message history, which allows an attacker to supply malicious URLs that force the server to make unauthorized requests to...
CVE-2026-1356
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::loadimagesource function. This makes it possible for unauthenticated attackers to make web requests...
CVE-2025-68493 impact on Bamboo
h3. Issue Summary Impact of CVE-2025-68493 in Bamboo https://cwiki.apache.org/confluence/display/WW/S2-069 Parsing of XML configuration in XWork component does not validate XML in proper way and it's vulnerable to XML external entity XXE injection. h3. Steps to Reproduce ||Impact of...
CVE-2025-12073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...
CVE-2026-1356 Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::loadimagesource function. This makes it possible for unauthenticated attackers to make web requests...
CVE-2026-1356 Converter for Media – Optimize images | Convert WebP & AVIF <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::loadimagesource function. This makes it possible for unauthenticated attackers to make web requests...
PT-2026-7833
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load image source function. This makes it possible for unauthenticated attackers to make web reques...
Linux Distros Unpatched Vulnerability : CVE-2025-12073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...
GitLab 18.0 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-12073)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an...
Server-side Request Forgery (SSRF)
Overview @langchain/core is a Core LangChain.js abstractions and schemas Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the RecursiveUrlLoader class. An attacker can access internal or sensitive resources by influencing crawled page content to include lin...
CVE-2026-26013
A flaw was found in LangChain. The ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This issue allows an attacker to cause Server-Side Request Forgery SSRF by providing malicious image URLs in us...
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting Summary The ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...
GHSA-2G6R-C272-W58R LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting Summary The ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...
CVE-2025-12073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...
UBUNTU-CVE-2025-12073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...
CVE-2025-12073
Removed by vendor...
CVE-2025-12073
GitLab CVE-2025-12073 affects CE/EE versions 18.0–18.6.5, 18.7–18.7.3, and 18.8–18.8.3, where an authenticated user could perform SSRF against internal services by bypassing protections in the repository import functionality. The issue has been remediated in patch releases, notably the 18.6.6, 18...
CVE-2025-12073
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...