CVE-2026-35400

LORIS (Longitudinal Online Research and Imaging System) is affected from 20.0.0 up to but not including 27.0.3 and 28.0.1 by a publication module flaw that trusts the baseURL submitted via a user’s POST request instead of the internal LORIS value. This could allow an attacker with publication-mod...

CKAN MCP Server 代码问题漏洞

CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...

Server-Side Request Forgery (SSRF)

Umbraco CMS is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...