Server-side Request Forgery (SSRF)
Overview: Weblate is a web-based continuous localization system with tight version control integration. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch_url function in the webhook add-on. An attacker can access internal resources by supplying...
CVE-2026-39845
Weblate (web-based localization tool) has a vulnerability in versions prior to 5.17 where the webhook add-on did not apply SSRF protections. The root cause is exposure via the webhook add-on’s fetch_url() path, enabling potential SSRF risks as described in the CVE entry. The issue is fixed in ver...
PT-2025-7338 · WordPress · The Wordpress Portfolio Builder – Portfolio Gallery
Name of the Vulnerable Software and Affected Versions: The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to unauthorized modification of data due to a missing capability check on the add video function...
PT-2025-7249 · Unknown · Orml Rewards
Name of the Vulnerable Software and Affected Versions: ORML Rewards pallet versions prior to the fixed version Description: A vulnerability in the add share function can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. This issue affects any Substrate-bas...
PT-2024-16051 · Infiniflow · Ragflow
Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.11.0 Description: The issue concerns a remote code execution vulnerability in the add_llm function, located in llm_app.py. This function utilizes user-supplied input, specifically req['llm_factory'] and req['llm_name...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2 Description: A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
PT-2024-19663 · Apfloat · Apfloat
Name of the Vulnerable Software and Affected Versions: Apfloat version 1.10.1 Description: The issue is related to an ArrayIndexOutOfBoundsException in the org.apfloat.internal.DoubleCRTMath::add(double[], double[]) component. However, it is noted that the existence of this vulnerability is disputed by...
PT-2024-14057 · Trendnet · Trendnet Ac1200 Tew-821Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet AC1200 TEW-821DAP version 3.00b06 Description: A Buffer Overflow issue allows an attacker to execute arbitrary code via the adm add user action. This can be exploited to gain unauthorized access and control over the device...
PT-2024-15628 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add to wishlist function...
PT-2024-20419 · Unknown · Daily Habit Tracker
Name of the Vulnerable Software and Affected Versions: Daily Habit Tracker version 1.0 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the day, exercise, pray, read book, vitamins, laundry, alcohol, and meat parameters in the "add-tracker.php" and...
PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin
Name of the Vulnerable Software and Affected Versions: Most Popular Posts Widget Plugin versions up to 0.8 Description: A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to SQL injection...
PT-2022-27354 · Webtareas · Webtareas
Name of the Vulnerable Software and Affected Versions: webtareas version 2.4p5 Description: The issue is related to a cross-site scripting (XSS) vulnerability in the /contacts/listcontacts.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...
PT-2022-18783 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO versions 2.2.5 and below Description: The issue is related to a system re-install vulnerability. It is exploited via the Add function in the app/install/controller/Index.php file. Recommendations: For versions 2.2.5 and below, consider...
PT-2021-10651 · Muyucms · Muyucms
Name of the Vulnerable Software and Affected Versions: Myucms version 2.2.1 Description: The issue is related to a remote code execution (RCE) vulnerability in the controllerpoint.php component. This vulnerability can be exploited via the add method. Recommendations: For Myucms version 2.2.1,...
How to Speed Up Firefox With Multi-Process, If It's Not Working By Default
After years of waiting, Mozilla last week launched Firefox 54 for Windows, Mac, Linux, and Android, with multi-process support — a "major improvement" to your browsing experience — but many users are still struggling to take advantage of this feature. Mozilla's multi-process support in...
PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access
The remote PHP-Nuke service has a version of the 'Gallery' Add-on that allows attackers to read arbitrary files on this host. Every file that the web server has access to can be read by anyone. ...