CVE-2026-11997

CVE-2026-11997 affects the WordPress plugin Bulk SEO Image

CVE-2026-6292

CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...

CVE-2026-12095

The CVE-2026-12095 entry concerns the WordPress plugin Kargo Takip (versions up to 1.2). It describes an unauthenticated Server-Side Request Forgery (SSRF) via the api_url parameter, enabling an attacker to cause the application to make web requests to arbitrary locations from within the web app....

CVE-2026-9724

The CVE concerns the MotorDesk WordPress plugin up to version 1.1.2 . It is vulnerable to Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation on the function motordesk_admin_home . This allows unauthenticated attackers to modify the plugin’s configuration, including the se...

CVE-2026-11370

CVE-2026-11370 : In the WordPress WP Meta SEO plugin (versions up to 4.5.18), there is a Server-Side Request Forgery (SSRF) via the new_link parameter. Exploitation requires an authenticated user with at leastContributor+ access. The vulnerability allows outbound web requests originating from the...

CVE-2026-12100

CVE-2026-12100 affects the WordPress URL Preview plugin. It is vulnerable to unauthenticated Server-Side Request Forgery via the url parameter in all versions up to and including 1.0. An unauthenticated attacker can cause the web application to issue requests to arbitrary locations from the web a...

CVE-2026-8905

The CVE concerns the Osiris Signature Banner WordPress plugin (versions up to and including 0.5). The root cause is missing or incorrect nonce validation on a function, enabling Cross-Site Request Forgery (CSRF). This could allow unauthenticated attackers to update plugin settings and inject mali...

CVE-2026-54514

CVE-2026-54514 affects jackson-databind’s InetSocketAddress handling during deserialization. From 2.0.0 up to fixes in 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress(host, port), causing eager DNS resolution at readValue time and enabling an attacker to trigger...

CVE-2026-46548

NocoDB (CVE-2026-46548 ) exhibits an SSRF protection bypass in the notification webhook plugins for Slack, Discord, Mattermost, and Teams. Root cause: in the affected code paths, the httpAgent/httpsAgent were incorrectly placed in the request body of axios.post instead of the config argument, all...

CVE-2026-53927

CVE-2026-53927 affects NocoDB's spreadsheet-fetch endpoint (axiosRequestMake), where URLs with a permitted extension anywhere in the path could bypass the initial blocklist of 127.0.0.0/8 and 169.254.0.0/16 and reach the cloud-metadata endpoint. The issue allowed authenticated editors to access i...

CVE-2026-53930

The CVE describes a Server-Side Request Forgery in NocoDB via the base-migration endpoint. A caller-supplied migration URL could be dereferenced by the migration worker without enforcing protocol or destination, enabling scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. ...

CVE-2026-53754

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

CVE-2026-53754

CVE-2026-53754 affects Crawl4AI prior to version 0.8.8. The Docker API server’s SSRF protection (validate_webhook_url/validate_url_destination) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families, allowing an unauthenticated attacker to reach internal services and cloud...

CVE-2026-53755

CVE-2026-53755 affects Crawl4AI up to version 0.8.9. The Docker API server fails to apply SSRF checks to proxy addresses, allowing an unauthenticated attacker to specify a proxy pointing at an internal IP while using a valid crawl URL. This can route Chromium egress through the proxy to reach int...

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

CVE-2026-54308

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

CVE-2026-50221

CVE-2026-50221 affects OpenStack Swift prior to 2.37.2, where proxy-server fails to strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding to object-servers. An authenticated user with write access can inje...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...