21 matches found
CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
PT-2026-41975
Summary An authenticated Server-Side Request Forgery SSRF vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Details The createSite endpoint in HAXcms...
PT-2026-20879
Name of the Vulnerable Software and Affected Versions Kargo versions 1.7.0 through 1.7.7 Kargo version 1.8.11 Kargo version 1.9.3 Description Kargo manages and automates the promotion of software artifacts. The batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API...
CVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...
EUVD-2025-203050
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
Summer Pearl Group Vacation Rental Management Platform 安全漏洞
Summer Pearl Group Vacation Rental Management Platform is a vacation rental property management software platform from Summer Pearl Group, Greece. A security vulnerability exists in Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2, which stems from insufficient...
WordPress plugin aoa-downloadable 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
GO-2024-3281 github.com/rancher/steve's users can issue watch commands for arbitrary resources in github.com/rancher/steve
github.com/rancher/steve's users can issue watch commands for arbitrary resources in github.com/rancher/steve...
CVE-2024-26029 Adobe Experience Manager | Improper Access Control (CWE-284)
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does no...
CVE-2024-26029 Adobe Experience Manager | Improper Access Control (CWE-284)
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does no...
CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the galleryedit function, allowing an attacker to access arbitrary resources on the server...
PT-2023-25486 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue allows an underprivileged user to bypass access controls and read arbitrary resources. Recommendations: At the moment, there is no information about a newer version th...
Directory traversal
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO...
PYSEC-2019-151
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
UBUNTU-CVE-2017-18638
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
Design/Logic Flaw
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters...
CVE-2015-5207
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods...
Code injection
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods...
Directory traversal
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
PT-2014-3817 · Schneider Electric · Modicon Plc Ethernet Modules +1
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec versions prior to 5.5 Schneider Electric Modicon PLC Ethernet modules 140NOC78x Exec versions prior to 1.62 Schneider Electric Modicon PLC Ethernet modules 140NOE77x Exec versions...