14672 matches found
EUVD-2026-44953
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
CVE-2026-63086
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
CVE-2026-57205
CVE-2026-57205 affects SimpleChat prior to version 0.241.203. An authenticated low-privilege user could exploit IDOR on two endpoints (GET /api/user/info/ and GET /api/user/profile-image/) by supplying a caller-controlled user_id to read another user’s email address, display name, and profile ima...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
ResourceSpace - Metadata Export
In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value. id: CVE-2022-31260 info: name: ResourceSpace - Metadata Export author: ritikchaddha severity: medium description: | In Montala ResourceSpace...
MagicMirror <= 2.35.0 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...
WordPress 3D FlipBook <= 1.16.17 - Information Disclosure
WordPress 3D FlipBook - PDF Flipbook Viewer, Flipbook Image Gallery plugin versions = 1.16.17 contain a missing authorization vulnerability in multiple AJAX endpoints. The fb3dsendpostsin, fb3dsendpostpages, fb3dsendpostsinpages, fb3dsendpostsinfirstpage, and fb3dsendpostfirstpage handlers are...
Gotenberg - Command Injection
Gotenberg 8.31.0 contains a command injection caused by lack of validation on JSON metadata keys in /forms/pdfengines/metadata/write endpoint, letting unauthenticated attackers execute OS commands, exploit requires crafted HTTP request. id: CVE-2026-42589 info: name: Gotenberg - Command Injection...
Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'updatemetadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of...
CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...
CVE-2026-22752
CVE-2026-22752 affects Spring Authorization Server dynamic client registration: versions 7.0.0–7.0.4, 1.5.0–1.5.6, 1.4.0–1.4.9, and 1.3.0–1.3.10, with insufficient validation of client metadata during dynamic registration. This can lead to Stored XSS, SSRF, or Privilege Escalation depending on co...
RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
CVE-2026-53446
Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl private-network checks from...
CVE-2026-54458 AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-Site Scripting vulnerability in the YPTSocket plugin. Any unauthenticated remote attacker can execute arbitrary JavaScript in the authenticated origin of every administrator currently viewing a page th...
CVE-2026-55410
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...
CVE-2026-52888
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...
CVE-2026-55410
NocoBase (with the @nocobase/plugin-backups) prior to version 2.1.19 is vulnerable. The backups restoration flow interpolates database.schema from _metadata.json into Node.js child_process.exec() shell commands, enabling a backup-management user to execute arbitrary commands with the NocoBase ser...
CVE-2026-52888 NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete...
CVE-2026-52888
NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...
CVE-2026-41580 Stirling-PDF: Reflected XSS through crafted PDF metadata fields (Title and Author)
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute...