42516 matches found
GeoServer Demo Request Endpoint - Server Side Request Forgery
It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...
CVE-2026-12321 vulnerabilities
Vulnerabilities for packages: firefox...
CVE-2026-46785

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-17 05:31:59+00:00 | seen | https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8 |
| 2026-06-18 12:37:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3moktrm6nvw2z... |

CVE-2026-35319
...
CVE-2026-11676 vulnerabilities
Vulnerabilities for packages: chromium...
PT-2026-48873
Here's the writeup for CVE-2026-53943, a cache poisoning - XSS vuln I found in Ghost CMS 👻 https://t.co/B2FW5SGdsA...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were 159 vulnerabilities disclosed in 142 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 96 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVE-2026-2049
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-9716

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 01:56:40+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-schneider-electric-12... |

CVE-2026-9650

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 01:56:40+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-schneider-electric-12... |

CVE-2026-11283
A policy bypass flaw was found in the Shortcuts component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502069297...
CVE-2026-11184
An insufficient policy enforcement flaw was found in the Actor component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502777516...
WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Some...
GHSA-88C6-WRWV-4CJQ vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-37336
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewmusic.php...
GHSA-32VR-5HXF-X93F vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-25-openj9...
CVE-2026-11334 tittuvarghese CollegeManagementSystem fetch.php SQL injection
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...
CVE-2026-10176
A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and...
CVE-2026-28581

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-01 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602 |
| 2026-06-02 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/samsung-products-multiple-vulnerabilities20260603... |

student_management_system_by_php SQL injection vulnerability
student_management_system_by_php is a student information management tool developed by Raisul Islam, based on PHP. student_management_system_by_php has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameters such as userid, courseid, teacherid, and studentid in...