13 matches found
CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071
Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...
Server-side Request Forgery (SSRF)
Overview @theia/request is a Theia Proxy-Aware Request Service Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request-service process. An attacker can access sensitive internal resources by sending crafted URLs to the backend, which then performs...
EUVD-2026-40924
The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...
CVE-2026-33458
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
GHSA-FGQV-JH4G-PVG2 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecting through an attacker-controlled server. The same vulnerability class was already patched in...
CVE-2026-4623
CVE-2026-4623 affects DefaultFuction Jeson-Customer-Relationship-Management-System up to build 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability resides in the API Module, specifically the file /api/System.php, where manipulation of the url argument enables server-side request forgery (...
CVE-2026-3681
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...
Malicious code in mp3-file-zip-d-ownload-459867-forgiveness-3nns7-tralfe (npm)
The package mp3-file-zip-d-ownload-459867-forgiveness-3nns7-tralfe was found to contain malicious code...
PT-2025-14230 · Unknown · N-Media Bulk Product Sync
Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions ...
PT-2022-25614 · Unknown · Rickxy Stock Management System
Name of the Vulnerable Software and Affected Versions: rickxy Stock Management System affected versions not specified Description: A vulnerability was found in the rickxy Stock Management System, classified as problematic. This issue affects some unknown processing of the file "us...
Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November. So, I was far from surprised to see that attackers are...
ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach
About a fifth of Americans would ditch a business in the wake of a major data breach, new research has found. In a survey of 2,000 adult consumers across the United States by PCI Pal, almost half 44 percent of them have personally suffered the negative consequences of a security breach or hack. S...
Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter
Journalist Brendan Koerner strikes up a jail-cell correspondence with a man charged with instigating a fatal shooting. “Only by peering into the abyss of human malice can we divine how we can muster the strength to forgive the truly lost," he writes...