7111 matches found
CVE-2026-36757
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36756
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36759
A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-41914
OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist policies...
CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
CVE-2024-39847 Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
SpringBlade 代码问题漏洞
SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from a server-side request forgeing issue in the /ureport/datasource/testConnection endpoint. It may allow authenticated attackers to...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
Halo 代码问题漏洞
Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo has a code vulnerability. This vulnerability stems from server-side request forgery at the /plugins/-/install-from-uri endpoint, which may allow authenticated attackers to scan internal...
EUVD-2026-26391
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
Halo 代码问题漏洞
Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo has a code vulnerability. This vulnerability stems from the /themes/-/install-from-uri endpoints, where server-side request forgery exists. This could allow authenticated attackers to...
PT-2026-36129
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36757
CVE-2026-36757 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14. The vulnerability is triggered via the /plugins/{name}/upgrade-from-uri endpoint and can allow authenticated attackers to scan internal resources through a crafted GET request. Public sources in NVD/NVD-derived feeds ...
CVE-2026-36758
CVE-2026-36758 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/-/install-from-uri endpoint. Authenticated attackers can trigger the vulnerability with a crafted GET request to scan internal resources. The issue is documented across multiple sources (NVD, CVE ...
CVE-2026-36757
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
PT-2026-36132
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36757
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36764
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26384
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...