CVE-2026-22539 INFORMATION DISCLOSURE VIA CURL REQUESTS (OCPP)

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from a DNS rebinding risk in cURL request processing...

CVE-2023-22515

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access...

CVE-2021-39339

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0...

Server side request forgery (ssrf)

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0...

Telefication <= 1.8.0 - Open Relay & Server-Side Request Forgery

The plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl requests...

HackerOne: API Last Request Date/Time Not Updating

Hi All, I believe I've found a minor vulnerability with regards to your API last request date/time. However, I could not find any documentation on what this value is supposed to represent / when it should be relied on so I debated reporting this but figured it might in fact be an issue. Descripti...