Lucene search
K

13 matches found

Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

0.00118EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 12:17 p.m.13 views

Server-side Request Forgery (SSRF)

Overview @theia/request is a Theia Proxy-Aware Request Service Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request-service process. An attacker can access sensitive internal resources by sending crafted URLs to the backend, which then performs...

8.5CVSS5.9AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.15 views

CVE-2026-33458

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS5.7AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 5:53 p.m.34 views

GHSA-FGQV-JH4G-PVG2 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration

Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecting through an attacker-controlled server. The same vulnerability class was already patched in...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4
CVE
CVE
added 2026/03/24 1:39 a.m.14 views

CVE-2026-4623

CVE-2026-4623 affects DefaultFuction Jeson-Customer-Relationship-Management-System up to build 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability resides in the API Module, specifically the file /api/System.php, where manipulation of the url argument enables server-side request forgery (...

7.5CVSS6.5AI score0.00321EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.9 views

CVE-2026-3681

A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...

6.5CVSS5.5AI score0.00224EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in mp3-file-zip-d-ownload-459867-forgiveness-3nns7-tralfe (npm)

The package mp3-file-zip-d-ownload-459867-forgiveness-3nns7-tralfe was found to contain malicious code...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-14230 · Unknown · N-Media Bulk Product Sync

Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions ...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/24 12:0 a.m.8 views

PT-2022-25614 · Unknown · Rickxy Stock Management System

Name of the Vulnerable Software and Affected Versions: rickxy Stock Management System affected versions not specified Description: A vulnerability was found in the rickxy Stock Management System, classified as problematic. This issue affects some unknown processing of the file "us...

8.8CVSS8.4AI score0.00246EPSS
Exploits1References5
Talos Blog
Talos Blog
added 2022/09/22 6:0 p.m.29 views

Threat Source newsletter (Sept. 22, 2022) — Attackers are already using student loan relief for scams

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November. So, I was far from surprised to see that attackers are...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2018/10/26 10:13 p.m.647 views

ThreatList: 1 Out of 5 Would Ditch a Business After a Data Breach

About a fifth of Americans would ditch a business in the wake of a major data breach, new research has found. In a survey of 2,000 adult consumers across the United States by PCI Pal, almost half 44 percent of them have personally suffered the negative consequences of a security breach or hack. S...

0.3AI score
Exploits0References6
Wired Threat Level
Wired Threat Level
added 2018/10/23 10:0 a.m.57 views

Forging a Relationship With Tyler Barriss, the Internet’s Most Hated Swatter

Journalist Brendan Koerner strikes up a jail-cell correspondence with a man charged with instigating a fatal shooting. “Only by peering into the abyss of human malice can we divine how we can muster the strength to forgive the truly lost," he writes...

7AI score
Exploits0
Rows per page
Query Builder