
12 matches found

Vulnrichment
added 2026/02/24 2:39 a.m., 3 views

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS's GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebindi...

CVSS 7 | AI score 5.9 | EPSS 0.00446
Exploits: 1 | References: 3
Cvelist
added 2026/02/24 2:39 a.m., 30 views

CVE-2026-27127 Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS's GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebindi...

CVSS 7 | EPSS 0.00446
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/23 12:00 a.m., 8 views

PT-2026-21609

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.5.0-RC1 through 4.16.18; Craft CMS versions 5.0.0-RC1 through 5.8.22. Description: Craft CMS is susceptible to a Server-Side Request Forgery (SSRF) vulnerability in its GraphQL Asset mutation. The validation process performs DN...

CVSS 7 | AI score 6 | EPSS 0.00446
Exploits: 1 | References: 11
Cvelist
added 2026/02/02 11:48 p.m., 26 views

CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...

CVSS 6.3 | EPSS 0.0022
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/02 11:48 p.m., 2 views

CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...

CVSS 6.3 | AI score 5.4 | EPSS 0.0022
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/01 12:04 p.m., 12 views

CVE-2025-12094

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

CVSS 5.3 | AI score 6.2 | EPSS 0.0031
Exploits: 0 | References: 1
Cvelist
added 2025/10/31 8:25 a.m., 6 views

CVE-2025-12094 OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) <= 1.2.53 - Unauthenticated IP Header Spoofing

The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers such as CF-Connecting-IP, X-Forwarded-For,...

CVSS 5.3 | EPSS 0.0031
Exploits: 0 | References: 3
RedhatCVE
added 2021/12/29 5:20 p.m., 32 views

CVE-2021-45471

A flaw was found in MediaWiki in versions through 1.37. Blocked IP addresses are allowed to edit EntitySchema items...

CVSS 5.3 | AI score 4.4 | EPSS 0.01242
Exploits: 0 | References: 3
Prion
added 2021/12/24 2:15 a.m., 19 views

Design/Logic Flaw

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items...

CVSS 5 | AI score 5.3 | EPSS 0.01242
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
added 2021/12/24 1:04 a.m., 30 views

CVE-2021-45471

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items...

AI score 5.8 | EPSS 0.01242
Exploits: 0 | References: 4
OSV
added 2020/02/10 6:15 p.m., 4 views

CVE-2019-19667

A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html...

CVSS 5.4 | AI score 6.1 | EPSS 0.00374
Exploits: 0 | References: 2
myhack58
added 2019/05/14 12:00 a.m., 104 views

Easy WP SMTP (v1.3.9) 0-day vulnerability: attack process and reproduction

Foreword: My own blog site is hosted on WordPress, and last month I found some abnormalities. On 3.12, the mailbox exploded: I received more than 100 notification mails about blasting of the site. Seeing this that day was not strange, because such a situation had appeared before, every day there...

AI score 6.9
Exploits: 0