19 matches found
CVE-2026-28423
Statamic is a Laravel- and Git-powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...
GHSA-CWPP-325Q-2CVP Statamic Vulnerable to Server-Side Request Forgery via Glide
Impact: When Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs, either via the URL directly or via the watermark feature. That can allow access to internal...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in Glide when operating in insecure mode. An unauthenticated attacker can access internal services and cloud metadata endpoints by supplying arbitrary URLs to the image proxy or watermark feature. This i...
CVE-2026-28423
CVE-2026-28423 affects Statamic CMS: prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (not default), the image proxy can be abused by an unauthenticated user to trigger HTTP requests to arbitrary URLs via the URL or watermark feature, enabling access to ...
EUVD-2026-9092
Statamic is a Laravel- and Git-powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...
CVE-2026-28423 Statamic Vulnerable to Server-Side Request Forgery via Glide
Statamic is a Laravel- and Git-powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...
cms code issue vulnerability
CMS is a software package developed by Statamic. Versions prior to 5.73.11 and 6.4.0 contain a code-related vulnerability that occurs when Glide image processing is used in insecure mode. In that case, the image proxy can be exploited to send HTTP requests to...
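The SSRF entries above all describe the same mechanism: an image proxy (and its watermark feature) fetches a URL the request supplies, so the server can be pointed at internal services or a cloud metadata endpoint. The following Python is an added example, not Statamic's or Glide's code, of the outbound-target check such a fetcher should apply before issuing a request: an allow-list of schemes and ports, vetting of literal IPs and of every address a hostname resolves to, and a default deny. The DNS table, the sample URLs and the 'src'/'mark' parameter names are constructed assumptions for the example, not values from the advisory.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS table so the example runs offline. A real deployment resolves
# with socket.getaddrinfo() and must vet every address the name maps to.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one internal
}

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def resolve(host):
    """Stand-in for DNS resolution; returns all addresses for a name."""
    return FAKE_DNS.get(host.lower(), [])


def is_public_address(ip_text):
    """True only for addresses that are routable on the public Internet."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def fetch_target_is_safe(url):
    """Decide whether an image proxy may fetch this URL. Anything not
    explicitly public and well-formed is denied."""
    parts = urlparse(url)
    host = parts.hostname
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return False
    if port is not None and port not in ALLOWED_PORTS:
        return False
    try:
        # Literal IP in the URL, e.g. 169.254.169.254 (cloud metadata) or [::1].
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolve(host)  # hostname: every address it maps to must pass
    if not addresses:
        return False  # unresolvable names and exotic encodings (decimal IPs) are denied
    return all(is_public_address(a) for a in addresses)


def check_image_request(params):
    """Vet every fetch target in a Glide-style request: the source image and an
    optional watermark. 'src' and 'mark' are assumed parameter names."""
    targets = [params["src"]]
    if params.get("mark"):
        targets.append(params["mark"])
    return {t: fetch_target_is_safe(t) for t in targets}


if __name__ == "__main__":
    # Constructed request: a legitimate source image plus a watermark URL aimed
    # at the cloud metadata service.
    print(check_image_request({
        "src": "https://cdn.example.com/a.jpg",
        "mark": "http://169.254.169.254/latest/meta-data/",
    }))
```

Two caveats a practitioner should keep in mind. First, this check resolves the name at validation time while the HTTP client resolves it again when connecting, so a DNS rebinding attack can pass the check and still reach an internal address; connect to the vetted address directly (or re-validate on every redirect and on the connected socket's peer address) rather than handing the hostname to the client. Second, for the advisories above the primary fix is to upgrade and to keep Glide in its default secure (signed URL) mode; a target filter like this is defence in depth, not a substitute.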
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation because the Certificate Revocation List (CRL) is not checked when insecureMode is set to its default value of false. An attacker with access to the private key of a correctly issued certificate and the ability...
PT-2023-8999 · Snowflake · Snowflake-Connector-Net
Name of the Vulnerable Software and Affected Versions: Snowflake Connector .NET versions 2.0.25 through 2.1.4. Description: The issue is related to errors in the certificate authentication procedure, which may allow a remote attacker to perform a Man-in-the-Middle (MitM) attack. The vulnerability is...
curl: Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File name: curl_ntlm_core.c
The application generates cryptographic keys or key pairs using a short and inadequate length. It also uses the ECB (Electronic Codebook) mode of operation to perform encryption, which is considered semantically insecure. Vulnerable file name: curl_ntlm_core.c. Vulnerable line no. 2...
Web Pen-Test Practice Application: OWASP Mutillidae
OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...
CVE-2017-15696
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...
rpc.ypupdated RCE Vulnerability
ypupdated. SPDX-FileCopyrightText: 2008 Tenable Network Security, Inc. and Michel Arboi. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. ifdescription...
CVE-1999-0568
The CVE-1999-0568 entry concerns the Solaris rpc.admind service not running in secure mode. Connected sources identify the vulnerable component as rpc.admind on Sun Solaris, with the root cause described as the service not operating securely. The materials do not provide specific affected Solar...
PT-1999-1195 · Sun · Solaris
Name of the Vulnerable Software and Affected Versions: Sun Solaris (affected versions not specified). Description: The issue is related to the rpc.admind service in Solaris not running in secure mode. Recommendations: At the moment, there is no information about a newer version that contains a fix...