
71 matches found

NVD · added 6 days ago

CVE-2026-4888

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

CVSS 4.3 · EPSS 0.0001 · Exploits: 0 · References: 2

NVD · added 2026/05/26 9:16 p.m.

CVE-2026-45412

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

CVSS 6.3 · EPSS 0.00043 · Exploits: 0 · References: 1

Positive Technologies · added 2026/05/26 12:00 a.m.

PT-2026-43405

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed i...

CVSS 6.3 · AI score 5.9 · EPSS 0.00043 · Exploits: 0 · References: 2

CNNVD · added 2026/05/15 12:00 a.m.

AMD Chipset security vulnerability

The AMD Chipset is a series of chips developed by the American semiconductor company AMD. It contains security vulnerabilities that stem from missing return-value checks, which may allow attackers to read or modify arbitrary addresses, resulting in losses related...

CVSS 8.3 · AI score 5.9 · EPSS 0.00016 · Exploits: 0 · References: 1

NVD · added 2026/04/24 6:16 p.m.

CVE-2026-41321

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

CVSS 2.2 · EPSS 0.00047 · Exploits: 0 · References: 1

CNNVD · added 2026/04/23 12:00 a.m.

SocialEngine code issue vulnerability

SocialEngine is a content management platform developed by SocialEngine Company in India, designed to support community interaction and build social networks. SocialEngine 7.8.0 and earlier contain code vulnerabilities that stem from the use of...

CVSS 8.5 · AI score 6 · EPSS 0.00051 · Exploits: 1 · References: 2

Vulnrichment · added 2026/04/10 7:53 p.m.

CVE-2026-39922 GeoNode SSRF via Service Registration

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

CVSS 5.3 · AI score 5.9 · EPSS 0.00044 · Exploits: 0 · References: 2

EUVD · added 2026/04/09 4:45 p.m.

EUVD-2026-20968

n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

CVSS 8.5 · AI score 6.1 · EPSS 0.00013 · Exploits: 0 · References: 3

CNNVD · added 2026/04/06 12:00 a.m.

Ech0 code issue vulnerability

Ech0 is a self-hosted personal microblogging platform developed by L1nSn0w. Versions of Ech0 prior to 4.2.8 had code vulnerabilities. These vulnerabilities stemmed from the GET /api/website/title endpoint, which made server-side HTTP requests to arbitrary URLs without verification. This could all...

CVSS 7.2 · AI score 6 · EPSS 0.00022 · Exploits: 2 · References: 1

SUSE CVE · added 2026/03/20 10:11 a.m.

SUSE CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...

CVSS 7.5 · AI score 7.4 · EPSS 0.00054 · Exploits: 1 · References: 2

CVE · added 2026/03/11 8:41 p.m.

CVE-2026-32111

CVE-2026-32111 affects ha-mcp, a Home Assistant MCP Server. Before version 7.0.0, the ha-mcp OAuth consent form (beta) accepts a user-supplied ha_url and makes a server-side HTTP request to {ha_url}/api/config without URL validation. An unauthenticated attacker can submit arbitrary URLs to perfor...

CVSS 5.3 · AI score 6 · EPSS 0.00042 · Exploits: 0 · References: 1 · Affected software: 1

CVE · added 2026/03/11 3:14 a.m.

CVE-2026-23817

CVE-2026-23817 affects the web-based management interface of AOS-CX Switches. It describes an unauthenticated remote attacker who could redirect users to an arbitrary URL. CVSS3.1 base score 6.5 (NETWORK, LOW attack complexity, NONE privileges, UI: REQUIRED) with I: HIGH. No remediation or exploi...

CVSS 6.5 · AI score 5.9 · EPSS 0.00044 · Exploits: 0 · References: 1 · Affected software: 1

CNNVD · added 2026/03/07 12:00 a.m.

pinchtab code issue vulnerability

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions of Pinchtab prior to 0.7.7 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the download endpoint, which could allow the server to make requests to arbitrary...

CVSS 7.5 · AI score 7.4 · EPSS 0.00021 · Exploits: 1 · References: 1

RedhatCVE · added 2026/03/05 1:57 a.m.

CVE-2026-27600

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

CVSS 5 · AI score 6.1 · EPSS 0.0004 · Exploits: 0 · References: 1

EUVD · added 2026/02/06 9:29 p.m.

EUVD-2026-5563

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...

CVSS 8.7 · AI score 5.7 · EPSS 0.00034 · Exploits: 1 · References: 10

Vulnrichment · added 2026/02/06 9:29 p.m.

CVE-2026-25758 Spree allows unauthenticated users to access all guest addresses

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...

CVSS 8.7 · AI score 5.8 · EPSS 0.00034 · Exploits: 1 · References: 10

Veracode · added 2026/02/02 7:14 a.m.

Improper Access Control

github.com/slackhq/nebula is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of CIDR ranges in certain configurations, which allows an attacker to spoof or use arbitrary source IP addresses within the Nebula network...

CVSS 4.9 · AI score 5.7 · EPSS 0.00045 · Exploits: 0 · References: 4 · Affected software: 1

CVE · added 2026/01/14 5:28 a.m.

CVE-2025-14613

The WordPress GetContentFromURL plugin is affected in all versions up to 1.0. The root cause is using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the [gcfu] shortcode; this enables authenticated attackers with Contributor-level access and above to ...

CVSS 7.2 · AI score 5.4 · EPSS 0.00014 · Exploits: 0 · References: 3
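
Most of the records above (MaxKB, @astrojs/cloudflare, GeoNode, n8n-MCP, Ech0, ha-mcp, Pinchtab, HomeBox, GetContentFromURL) describe the same defect: the server fetches a user-supplied URL with no scheme or destination check, and in the Astro case also follows redirects blindly. The following is an added example written for this listing, not code from any of those projects. It shows the guard such a "fetch this URL" feature needs: scheme allow-list, rejection of userinfo, resolution of the host to every address and rejection if any is non-public (loopback, RFC 1918, link-local including the cloud metadata address, IPv4-mapped IPv6), a pinned address handed to the transport so the DNS answer cannot change between check and connect, and manual redirect following that re-validates every hop. All function names are hypothetical; the transport and resolver are injected, and the DNS table and HTTP responses at the bottom are constructed so the module runs offline.

```python
"""Added example: guarding a server-side "fetch this URL" feature against SSRF.

Illustrative code written for this listing, not code from any project named
above; all names are hypothetical. The HTTP transport and the DNS resolver
are injected so it runs offline; the fixtures at the bottom are constructed.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3


def default_resolve(host):
    """Real DNS: every A/AAAA answer for host (raises OSError on failure)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip):
    """True only for globally routable unicast (rejects loopback, RFC 1918,
    link-local incl. 169.254.169.254, 100.64/10, multicast, reserved,
    unspecified and IPv4-mapped IPv6 forms such as ::ffff:10.0.0.1)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge the embedded IPv4 address
    blocked = (addr.is_private or addr.is_loopback or addr.is_link_local
               or addr.is_multicast or addr.is_reserved or addr.is_unspecified)
    return not blocked and addr.is_global


def validate_outbound_url(url, resolve=default_resolve):
    """Return (pinned_ip, reason); pinned_ip is None when the URL is rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return None, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return None, "userinfo in URL"  # http://trusted.host@10.0.0.1/ tricks
    host = parts.hostname
    if not host:
        return None, "no host"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal: skip DNS
    except ValueError:
        try:
            addresses = resolve(host)
        except OSError:
            return None, f"cannot resolve {host!r}"
    if not addresses:
        return None, f"no addresses for {host!r}"
    # Every answer must be public: one public plus one internal record still
    # lets the attacker reach the internal one.
    for ip in addresses:
        if not is_public_address(ip):
            return None, f"{host!r} resolves to non-public {ip}"
    return addresses[0], "ok"


def safe_fetch(url, do_request, resolve=default_resolve):
    """Fetch url, following at most MAX_REDIRECTS hops and re-checking each.

    do_request(url, pinned_ip) -> (status, headers, body) should connect to
    pinned_ip while sending the URL's host as Host/SNI, so the DNS answer
    cannot change between check and connect. Redirects are followed here,
    not by the client library, so a hop to an internal address is caught.
    """
    hops = [url]
    for _ in range(MAX_REDIRECTS + 1):
        pinned_ip, reason = validate_outbound_url(url, resolve)
        if pinned_ip is None:
            raise ValueError(f"blocked {url!r}: {reason}")
        status, headers, body = do_request(url, pinned_ip)
        if status not in (301, 302, 303, 307, 308):
            return status, body, hops
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if not location:
            raise ValueError("redirect without Location header")
        url = urljoin(url, location)  # Location may be relative
        hops.append(url)
    raise ValueError("too many redirects")


# ---- constructed fixtures for the demonstration (no real network) ----
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "dual.example": ["93.184.216.34", "10.0.0.5"],  # public + internal record
    "redirector.example": ["104.18.32.1"],
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host {host}")
    return FAKE_DNS[host]


def fake_request(url, pinned_ip):
    """Constructed transport: the redirector bounces to the metadata address."""
    if url.startswith("http://redirector.example/"):
        return 302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""
    return 200, {}, f"fetched {url} via {pinned_ip}".encode()
```

`safe_fetch("http://redirector.example/go", fake_request, fake_resolve)` passes the first hop (a public address) and then raises on the 302 to 169.254.169.254; a client left on automatic redirect following would have fetched the metadata endpoint. Checking every resolved address rather than the first one is what blocks `dual.example`. This is the same shape as wrapping outbound calls in a vetted helper (the wp_safe_remote_get point in the GetContentFromURL record) instead of calling the raw client.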
Vulnrichment · added 2025/12/03 5:02 p.m.

CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states

GZDoom is an open source, feature-centric port for all Doom engine games. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...

CVSS 7.9 · AI score 7.4 · EPSS 0.00012 · Exploits: 0 · References: 1

Positive Technologies · added 2025/11/24 12:00 a.m.

PT-2025-47967

Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service...

CVSS 5.5 · AI score 6.5 · EPSS 0.00032 · Exploits: 0 · References: 2