UBUNTU-CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

Miniflux 安全漏洞

Miniflux is a minimalist synopsis reader open-sourced by Miniflux. A security vulnerability exists in Miniflux 2 versions prior to 2.2.16, which stems from a media proxy endpoint that can be abused, potentially leading to server-side request forgery...

PT-2026-2121

Name of the Vulnerable Software and Affected Versions Miniflux versions prior to 2.2.16 Description Miniflux is an open source feed reader. Prior to version 2.2.16, the media proxy endpoint, GET /proxy/encodedDigest/encodedURL, can be exploited to perform Server-Side Request Forgery SSRF. An...

EUVD-2006-4507

Malware in sbrugna...

EUVD-2025-6621

Malicious code in bioql PyPI...

EUVD-2025-6622

Malicious code in bioql PyPI...

CVE-2025-58228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Quick View for WooCommerce: from n/a through = 2.2.16...

WordPress Quick View for WooCommerce Plugin <= 2.2.16 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin Quick View for WooCommerce versions = 2.2.16...

WordPress plugin Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-38457

Xenforo before 2.2.16 allows CSRF...

CVE-2025-1670

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVE-2025-1670

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVE-2025-1670 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

WordPress WPSchoolPress plugin <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover vulnerability

Missing Authorization to Privilege Escalation via Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.16...

CVE-2024-38458

Xenforo before 2.2.16 allows code injection...

Jenkins Plugin requests-plugin授权问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Plugin requests-plugin version...

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...

PT-2022-22333 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.16 and earlier Description: An incorrect permission check in the Jenkins requests-plugin Plugin allows attackers with Overall/Read permission to view the list of pending requests. This issue is...