
118 matches found

ATTACKERKB
added 2026/05/28 8:59 p.m., 8 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

AI score 5.8, EPSS 0.00047
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/05/28 8:59 p.m., 15 views

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

CVSS 7.7, AI score 5.8, EPSS 0.00047
Exploits: 1, References: 1, Affected Software: 1
EUVD
added 2026/05/27 9:27 a.m., 6 views

EUVD-2026-32175

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1, AI score 6, EPSS 0.00066
Exploits: 0, References: 3
CVE
added 2026/05/27 9:27 a.m., 11 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

CVSS 6.1, AI score 6, EPSS 0.00066
Exploits: 0, References: 3
Cvelist
added 2026/05/17 12:11 p.m., 29 views

CVE-2018-25329 WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

CVSS 8.7, EPSS 0.00039
Exploits: 0, References: 3
NVD
added 2026/05/08 9:16 a.m., 8 views

CVE-2026-7330

The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aalurlstatssaveaction function and a complete absence of output escaping in...

CVSS 7.2, EPSS 0.00075
Exploits: 0, References: 12
Positive Technologies
added 2026/05/04 12:00 a.m., 3 views

PT-2026-36886

Name of the Vulnerable Software and Affected Versions: PlantUML Macro versions prior to 2.4.1. Description: PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery (SSRF) flaw. The application fails to validate the URL provided through the server...

CVSS 4.4, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 8
EUVD
added 2026/04/29 8:22 a.m., 1 view

EUVD-2026-26198

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

CVSS 7.1, AI score 5.3, EPSS 0.00059
Exploits: 0, References: 1
Snyk
added 2026/04/27 9:31 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: mcp-url-downloader is an MCP server that enables AI assistants to download files from URLs to the local filesystem. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateurlsafe function. An attacker can access internal resources or services b...

CVSS 7.5, AI score 7.1, EPSS 0.00054
Exploits: 0, References: 2
CNNVD
added 2026/04/27 12:00 a.m., 4 views

BuildingAI code issue vulnerability

BuildingAI is an enterprise-level open-source intelligence platform for individual developers, enabling the visualization configuration of AI applications. Versions of BuildingAI prior to 26.0.1 have code vulnerabilities; these vulnerabilities stem from the handling of the url parameter in the...

CVSS 7.5, AI score 7.2, EPSS 0.00058
Exploits: 0, References: 1
Positive Technologies
added 2026/04/10 12:00 a.m., 2 views

PT-2026-31928

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

AI score 6.1, EPSS 0.00073
Exploits: 1, References: 3
CVE
added 2026/04/10 12:00 a.m., 3 views

CVE-2026-31262

CVE-2026-31262 is a Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) version 2.0. The entry states that a remote attacker can obtain sensitive information and execute arbitrary code via a URL parameter. Connected documents consistently describe the issue as XSS in ...

CVSS 6.1, AI score 6.1, EPSS 0.00073
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/04/09 7:27 p.m., 16 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, EPSS 0.00065
Exploits: 1, References: 2
CVE
added 2026/04/07 6:04 p.m., 5 views

CVE-2026-39344

ChurchCRM prior to 7.1.0 is affected by a reflected XSS on the login page via the username parameter from the URL. The vulnerability arises from lack of sanitization/encoding, allowing injected scripts to execute in the user’s browser and potentially steal data such as cookies or alter the login ...

CVSS 8.1, AI score 7.2, EPSS 0.00042
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/03/21 3:27 a.m., 28 views

CVE-2026-3478 Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

CVSS 7.2, EPSS 0.0012
Exploits: 0, References: 7
RedhatCVE
added 2026/03/11 7:08 a.m., 3 views

CVE-2026-0489

Due to insufficient validation of user-controlled input in the URLs query parameter, SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which, upon user interaction, could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue ha...

CVSS 6.1, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 1
Cvelist
added 2026/03/07 5:27 a.m., 30 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7, EPSS 0.00028
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/07 5:27 a.m., 3 views

CVE-2026-30828

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7, AI score 5.7, EPSS 0.00028
Exploits: 1, References: 4, Affected Software: 1
Patchstack
added 2026/02/02 8:50 a.m., 4 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter vulnerability

Authenticated (Contributor+) SQL Injection via url Parameter vulnerability discovered by bart in WordPress Plugin SEO Plugin by Squirrly SEO versions <= 12.3.19...

CVSS 8.8, AI score 5.7, EPSS 0.2289
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/26 7:36 p.m., 3 views

CVE-2025-11687 Gi-docgen: reflected dom xss in gi-docgen

A flaw was found in gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...

CVSS 6.1, AI score 6, EPSS 0.00007
Exploits: 0, References: 3