Lucene search
K

6 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/11 7:16 a.m.8 views

CVE-2025-9539

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwpajaximportautomationfromurl function in all versions up to, and...

8CVSS5.9AI score0.00416EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.5 views

PT-2022-14230 · WordPress · Import Export All Wordpress Images

Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...

7.2CVSS6.9AI score0.0126EPSS
Exploits2References4
Rows per page
Query Builder