EUVD-2026-30948

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...

EUVD-2026-30944

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

PT-2026-42041

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech models. The application contains a Server-Side Request...

CVE-2026-30117

The CVE-2026-30117 entry affects scalar/astro v0.1.13, exposing an arbitrary file-upload vulnerability in the Scalar Proxy endpoint via the scalar_url parameter. This leads to remote code execution by uploading a crafted SVG file, as described across multiple sources. The CVSSv3.1 score is 9.8 (C...

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

Insertion of Sensitive Information Into Sent Data

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the telemetry sanitization process in event-validator.ts. An operator with access to the...

CVE-2018-25329

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

CVE-2018-25329

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...

CVE-2020-37235

CVE-2020-37235 concerns WordPress Theme Wibar 1.1.8, where a stored XSS flaw exists in the Brand component. The vulnerability allows authenticated users with editor/administrator/contributor/author roles to inject base64-encoded script payloads via the ftc_brand_url input field, resulting in arbi...

Server-Side Request Forgery

Arcane is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the /api/templates/fetch endpoint accepting a user-controlled url parameter and performing server-side HTTP requests without authentication or validation of the URL scheme and destination host, allowing...

GHSA-CVRM-5HP6-H523 SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...

PT-2026-41385

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp-casserver versions prior to 6.3.1 SimpleSAMLphp-casserver versions prior to 7.0.0 Description The logout endpoint accepts a url query parameter for redirection. The server treats this URL as trusted and, depending on the...

CVE-2026-6514

The CVE concerns InfusedWoo Pro for WordPress (all versions up to 5.1.2) with an Arbitrary File Read vulnerability exploitable via the popup_submit parameter. The root cause enables unauthenticated attackers to issue web requests to arbitrary locations from the application, potentially enabling a...

CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

PT-2026-41143

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...