7293 matches found

Positive Technologies
added 2026/01/16 12:00 a.m. | 5 views

PT-2026-3269

Name of the Vulnerable Software and Affected Versions: Kafka Connect BigQuery Connector versions prior to 2.11.0. Description: The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the...

7.7 CVSS | 6.8 AI score | 0.00376 EPSS
Exploits 0 | References 9

NVD
added 2026/01/15 7:16 p.m. | 3 views

CVE-2025-67647

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server-side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

9.1 CVSS | 0.00466 EPSS
Exploits 0 | References 2

EUVD
added 2026/01/15 6:33 p.m. | 4 views

EUVD-2026-2791

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server-side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

8.4 CVSS | 6.2 AI score | 0.00466 EPSS
Exploits 0 | References 5

OSV
added 2026/01/15 6:33 p.m. | 4 views

CVE-2025-67647 SvelteKit Denial of service and possible SSRF when using prerendering

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server-side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

8.4 CVSS | 6.7 AI score | 0.00466 EPSS
Exploits 0 | References 4

Github Security Blog
added 2026/01/15 6:31 p.m. | 14 views

Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 7 AI score | 0.00343 EPSS
Exploits 1 | References 5 | Affected Software 1

OSV
added 2026/01/15 6:31 p.m. | 4 views

GHSA-H66J-XM43-47PP Umbraco CMS contains a server-side request forgery vulnerability

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 6.9 AI score | 0.00343 EPSS
Exploits 1 | References 5

Snyk
added 2026/01/15 6:09 p.m. | 5 views

Server-side Request Forgery (SSRF)

Overview: @sveltejs/adapter-node is an Adapter for SvelteKit apps that generates a standalone Node server. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process...

9.1 CVSS | 6.8 AI score | 0.00466 EPSS
Exploits 0 | References 3

NVD
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 0.00343 EPSS
Exploits 1 | References 3

Cvelist
added 2026/01/15 3:52 p.m. | 26 views

CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 0.00343 EPSS
Exploits 1 | References 3

EUVD
added 2026/01/15 3:52 p.m. | 5 views

EUVD-2026-2753

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 6.4 AI score | 0.00343 EPSS
Exploits 1 | References 5

CVE
added 2026/01/15 3:52 p.m. | 7 views

CVE-2021-47776

Umbraco CMS v8.14.1 is affected by a server-side request forgery due to improper validation of the baseUrl parameter in dashboard and help endpoints. The vulnerability enables an attacker to force the server to perform unauthorized requests to external hosts via the GetContextHelpForPage, GetRemo...

6.9 CVSS | 6.5 AI score | 0.00343 EPSS
Exploits 1 | References 3 | Affected Software 1

ATTACKERKB
added 2026/01/15 3:52 p.m. | 6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 5.5 AI score | 0.00343 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2026/01/15 1:11 p.m. | 25 views

CVE-2026-22638

A cross-site scripting (XSS) vulnerability exists in Grafana caused by a combination of client path traversal and open redirect. This can redirect users to a site hosting a frontend plugin that executes arbitrary JavaScript, without requiring editor permissions; anonymous access may enable exploi...

5.2 AI score | 0.00037 EPSS
Exploits 0

CNNVD
added 2026/01/15 12:00 a.m. | 4 views

SvelteKit code issues and vulnerabilities

SvelteKit is an open-source web development framework developed in Svelte. Versions of SvelteKit prior to 2.49.5 had code-related vulnerabilities. These vulnerabilities stemmed from defects under certain conditions and could lead to server-side request forgery and denial-of-service attacks...

9.1 CVSS | 5.8 AI score | 0.00466 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/01/15 12:00 a.m. | 6 views

PT-2026-3051

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9 CVSS | 6.9 AI score | 0.00343 EPSS
Exploits 1 | References 4

CNNVD
added 2026/01/15 12:00 a.m. | 3 views

Umbraco CMS code-related vulnerabilities

Umbraco CMS is a content management system developed by the Danish company Umbraco. Version 8.14.1 of Umbraco CMS has a code vulnerability that stems from improper handling of the baseUrl parameter, which may lead to server-side request forgery...

6.9 CVSS | 5.8 AI score | 0.00343 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2026/01/15 12:00 a.m. | 14 views

Kibana 8.x < 8.19.10 / 9.1.x < 9.1.10 / 9.2.x < 9.2.4 (ESA_2026_05)

The version of Kibana installed on the remote host is prior to 8.19.10, 9.1.10, or 9.2.4. It is, therefore, affected by a vulnerability as referenced in the ESA_2026_05 advisory. - An external control of file name or path combined with a server-side request forgery (SSRF) vulnerability exists in the...

8.6 CVSS | 5.9 AI score | 0.00306 EPSS
Exploits 1 | References 2

Snyk
added 2026/01/14 10:50 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...

7.6 CVSS | 6.6 AI score | 0.00284 EPSS
Exploits 0 | References 2

Snyk
added 2026/01/14 10:50 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the proxy repository configuration. An attacker can access internal network resources and cloud metadata endpoints by configuring proxy repositories with malicious URLs. This is only exploitable if t...

7.6 CVSS | 6.6 AI score | 0.00284 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/01/14 10:29 p.m. | 4 views

CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

6.2 CVSS | 6.4 AI score | 0.00284 EPSS
Exploits 0 | References 1