Lucene search
K

356 matches found

CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.16.0 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the asset download endpoint, which could allow authenticated users to make...

8.5CVSS6AI score0.00282EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/09 11:22 a.m.30 views

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS0.00225EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:10 p.m.6 views

CVE-2026-24775

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 6:10 p.m.8 views

CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 6:10 p.m.9 views

CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 6:10 p.m.19 views

CVE-2026-24775

OpenProject 17.0.0 added a BlockNote editor extension that may expose internal resources. The vulnerability (CVE-2026-24775) arises because the extension does not properly validate the work package ID when loading details via the OpenProject API, allowing an attacker to craft documents with relat...

7.3CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/28 6:10 p.m.8 views

EUVD-2026-4878

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.15 views

PT-2026-5180

Name of the Vulnerable Software and Affected Versions OpenProject versions 17.0.0 through 17.0.1 Description OpenProject is a web-based project management software. A flaw exists in the BlockNote editor extension introduced in version 17.0.0, which allows mentioning OpenProject work packages with...

7.3CVSS5.6AI score0.00105EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.10 views

Apryse HTML2PDF SDK has security vulnerabilities

The Apryse HTML2PDF SDK is a file format conversion component developed by the American company Apryse. Versions of the Apryse HTML2PDF SDK 11.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the InsertFromHtmlString function, which had issues with local file...

7.5CVSS5.9AI score0.00404EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/19 11:15 p.m.4 views

CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS5.8AI score0.04439EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/01/16 2:0 p.m.6 views

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

6.9CVSS5.9AI score0.00425EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.9 views

CVE-2023-31456

There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user...

5.4CVSS6.8AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.6 views

CVE-2019-18346

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user...

8.8CVSS6.7AI score0.00983EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.19 views

CVE-2024-41305

A Server-Side Request Forgery SSRF in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.1CVSS7.3AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.17 views

CVE-2023-29119

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...

9.6CVSS7.6AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.9 views

CVE-2023-29118

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...

9.6CVSS7.6AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.6 views

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

8.8CVSS6.4AI score0.00815EPSS
Exploits1References1
NVD
NVD
added 2025/12/16 6:16 p.m.8 views

CVE-2025-52196

Server-Side Request Forgery SSRF vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

7.5CVSS0.003EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/16 12:0 a.m.6 views

WordPress RSS Aggregator by Feedzy Code Issue Vulnerability

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

5.8CVSS7.2AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/12/15 8:28 p.m.15 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery (SSRF) in the job callback URL parameter, enabling an attacker to bypass network restrictions and force the application to make HTTP, DNS, or file requests to arbitrary destinations for enumeration. Affected component...

6.5CVSS6.6AI score0.00246EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder