Lucene search
+L

2516 matches found

CVE
CVE
added 2026/05/06 4:24 p.m.30 views

CVE-2026-23870

CVE-2026-23870 is a denial-of-service vulnerability in react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. It affects versions 19.0.0–19.0.5, 19.1.0–19.1.6, and 19.2.0–19.2.5. Triggered by specially crafted HTTP requests to server function endpoints, it can cause se...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 4:15 p.m.9 views

CVE-2026-20035

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

7.2CVSS6AI score0.00304EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 4:15 p.m.32 views

CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

7.2CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.20 views

PT-2026-37660

Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...

7.8CVSS5.8AI score0.01533EPSS
Exploits1References31
CVE
CVE
added 2026/05/05 3:37 a.m.17 views

CVE-2026-2948

The vulnerability CVE-2026-2948 affects the Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress (versions ≤ 3.5.3). It permits Server-Side Request Forgery via the import_images() function, exploitable by authenticated users with contributor-level access or higher. T...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:37 a.m.4 views

CVE-2026-2948

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the importimages function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.4CVSS5.9AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.20 views

PT-2026-37252

Name of the Vulnerable Software and Affected Versions Geyser versions prior to 2.9.3 Description A server-side request forgery SSRF exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.8 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.5AI score0.02499EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/04 4:53 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.7 views

The vulnerability in the Google Chrome web browser, related to errors in HTTP requests, allows a hacker to induce a service failure.

The vulnerability in the Google Chrome web browser is related to errors in HTTP requests. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially created HTML page...

10CVSS7.5AI score0.00642EPSS
Exploits0References10Affected Software3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

GeoVision GV-VMS 缓冲区错误漏洞

GeoVision GV-VMS is a video management system software developed by GeoVision Corporation in China. The GeoVision GV-VMS V20 20.0.2 version contains a buffer error vulnerability. This vulnerability stems from the sscanf function in the WebCam Server login feature, which does not limit the size of...

9CVSS6.5AI score0.00463EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

GeoVision GV-VMS 缓冲区错误漏洞

GeoVision GV-VMS is a video management system software developed by GeoVision Corporation in China. The version GV-VMS V20 20.0.2 contains a buffer error vulnerability. This vulnerability stems from a stack overflow issue in the WebCam Server login function, which may allow custom HTTP requests t...

9.8CVSS6.3AI score0.00534EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 6:16 a.m.4 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

4.4CVSS0.0025EPSS
Exploits0References5
NVD
NVD
added 2026/04/30 1:16 p.m.5 views

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS0.0047EPSS
Exploits2References2
CVE
CVE
added 2026/04/30 7:10 a.m.19 views

CVE-2024-39847

CVE-2024-39847 describes an XXE-like weakness in the XML parser of the 4D Server SOAP endpoints. Unauthenticated attackers can read files on the application server and adjacent network shares, and can issue HTTP GET requests to arbitrary services. The connected documents confirm the vulnerability...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

7.5CVSS5.8AI score0.00323EPSS
Exploits2References1
Snyk
Snyk
added 2026/04/29 12:0 a.m.8 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the reuse of an easy handle in HTTP requests when a custom Host: header is set for the initial request and omitted in a subsequent one. An attacker can obtain cookies intended for a different host by exploiti...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References2
NVD
NVD
added 2026/04/24 1:16 a.m.4 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 12:14 a.m.10 views

EUVD-2026-25366

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.8AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Delta Electronics AS320T 安全漏洞

The Delta Electronics AS320T is a high-performance programmable logic controller device used for industrial automation control by Delta Electronics. There is a security vulnerability present in the Delta Electronics AS320T, which stems from an incorrect calculation of the stack buffer size in the...

9.8CVSS5.9AI score0.00611EPSS
Exploits0References1
Rows per page
Query Builder