CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2026-0600
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
EUVD-2026-2838
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...
CVE-2026-0532
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2026-0532
CVE-2026-0532 affects Kibana’s Google Gemini Connector. External control of a file name or path (CWE-73) combined with SSRF (CWE-918) enables an authenticated attacker with privileges to create/modify connectors to trigger arbitrary file reads and arbitrary network requests through a crafted cred...
CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
CVE-2025-14613
The WordPress GetContentFromURL plugin is affected in all versions up to 1.0. The root cause is using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the [gcfu] shortcode; this enables authenticated attackers with Contributor-level access and above to ...
WordPress plugin GetContentFromURL Code Issue Vulnerability
The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that stems from a failure to adequately validate user-supplied credentials JSON payloads when processing configurations for the Google Gemini connector, which could le...
Sonatype Nexus Repository Security Vulnerability
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3 versions 3.0.0 and later, which stems from improper validation of proxy repositor...
PT-2026-2966
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 and later. Description: A Server-Side Request Forgery (SSRF) issue exists in Sonatype Nexus Repository. Authenticated administrators can configure proxy repositories with URLs that may access unintended...
CVE-2025-13393
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05)
External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector (ESA-2026-05): External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the metaRegex function. An attacker can access internal network resources by crafting a malicious issuer URL that bypasses validation and causes the system to send HTTP GET requests to arbitrary...
EUVD-2026-2001
Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass...
CVE-2026-20958
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network...
CVE-2025-67685
A Server-Side Request Forgery (SSRF) vulnerability (CWE-918) in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext...
Microsoft SharePoint Information Disclosure Vulnerability
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network...
BIT-MASTODON-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in `ALLOWED_PRIVATE_ADDRESSES` to...