Lucene search
K

25 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-4339

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:44 p.m.27 views

CVE-2026-4339

Mattermost CPT: CVE-2026-4339 affects Mattermost versions 10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6. The vulnerability arises from the Agents plugin MCP server failing to validate attachment URLs against internal/private IP ranges, enabling an attacker with MCP stdio ac...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/26 8:33 p.m.5 views

GO-2026-4851 Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causin...

6.4CVSS5.9AI score0.00272EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.6 views

CVE-2026-22210

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 9:14 p.m.9 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Summary The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed...

6.4CVSS6AI score0.00272EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/24 3:33 p.m.6 views

CVE-2026-33675 Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trell...

6.4CVSS6AI score0.00272EPSS
Exploits1References5
NVD
NVD
added 2026/03/13 7:54 p.m.5 views

CVE-2026-22210

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

6.1CVSS0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 1:18 a.m.14 views

CVE-2026-22210

CVE-2026-22210 affects the WordPress plugin wpDiscuz prior to version 7.6.47. The issue is a cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that allows injecting arbitrary JavaScript into image and anchor tag attributes via unescaped attachment URLs in HTML output. Att...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.2 views

CVE-2026-22210

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

4.4CVSS5.9AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.28 views

CVE-2026-22210 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

4.4CVSS0.00161EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.2 views

CVE-2026-22210 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

4.4CVSS5.8AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25146

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

4.4CVSS5.9AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 8:16 p.m.8 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 7:33 p.m.37 views

CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 7:33 p.m.1 views

CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 7:33 p.m.23 views

CVE-2026-30844

Wekan (versions 8.32 and 8.33) is vulnerable to SSRF via attachment URL loading during board import. User-supplied JSON data contains attachment URLs that are read by the server without URL validation or filtering. The parseActivities() and parseActions() flows extract these URLs and pass them to...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/06 7:33 p.m.3 views

CVE-2026-30844 Wekan Vulnerable to SSRF through Lack of Validation or Filtering in Attachment URL Loading

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/06 7:33 p.m.5 views

EUVD-2026-10063

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.8 views

PT-2026-23744

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/03 6:10 p.m.5 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bypass of the mediaAllowHosts configuration. An attacker can access internal or unintended network resources by supplying or influencing attachmen...

8.7CVSS6AI score0.00172EPSS
Exploits0References2
Rows per page
Query Builder