4170 matches found
CVE-2026-1931
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
CVE-2026-1931 Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
CVE-2026-1931
The affected software is the Rent Fetch plugin for WordPress. The CVE describes a Stored Cross‑Site Scripting flaw via the keyword parameter in all versions up to 0.32.4 caused by insufficient input sanitization and output escaping on user-supplied attributes. Unauthenticated attackers can inject...
OpenClaw affected by denial of service via unbounded URL-backed media fetch
Summary: URL-backed media fetch handling allocated the entire response payload in memory (arrayBuffer) before enforcing maxBytes, allowing oversized responses to cause memory exhaustion. Affected Versions - openclaw npm: res.writeHead200,"content-type":"application/octet-stream";forlet...
WordPress plugin Rent Fetch cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20292
Name of the Vulnerable Software and Affected Versions: Rent Fetch plugin for WordPress versions up to and including 0.32.4. Description: The Rent Fetch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the keyword parameter. This is due to inadequate input sanitization and...
PT-2026-23562
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14; clawdbot versions 2026.1.24 and earlier. Description: The software contains a denial of service issue in the fetchWithGuard function. This function allocates entire response payloads in memory before enforcin...
PT-2026-23529
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The Feishu extension in OpenClaw is susceptible to server-side request forgery (SSRF). This allows attackers to retrieve content from attacker-controlled remote URLs without proper SSRF protection...
GHSA-56F2-HVWG-5743 OpenClaw affected by SSRF in Image Tool Remote Fetch
Summary: A server-side request forgery (SSRF) vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...
OpenClaw affected by SSRF in Image Tool Remote Fetch
Summary: A server-side request forgery (SSRF) vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1 Patched Versions - npm: openclaw 2026.2.2 and later Fix Commits -...
FreeBSD : MongoDB Server -- Multiple vulnerabilities (77e32b14-0800-11f1-8a6f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 77e32b14-0800-11f1-8a6f-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Server-Side Request Forgery (SSRF) in ChatOpenAI Image Token Counting. Summary: The ChatOpenAI.get_num_tokens_from_messages method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF)...
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
CVE-2026-25870 affects DoraCMS (