Lucene search
K

175 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-12002

The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybeconnectiondata function. This makes it possible for...

4.7CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42230

The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybeconnectiondata function. This makes it possible for...

4.7CVSS5.8AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 6 days ago12 views

CVE-2026-12002

The CVE-2026-12002 entry concerns the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. A CSRF vulnerability exists in all versions up to and including 6.11.1 due to missing/incorrect nonce validation in the maybe_connection_data function. This allows unauthenticated attac...

4.7CVSS5.8AI score0.00102EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Drupal 10.5.x < 10.5.12 / 10.6.x < 10.6.11 / 11.2.x < 11.2.14 / 11.3.x < 11.3.12 Multiple Vulnerabilities (drupal-2026-06-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.12, 10.6.x prior to 10.6.11, 11.2.x prior to 11.2.14, or 11.3.x prior to 11.3.12. It is, therefore, affected by multiple vulnerabilities. - Drupal core contains a chain of metho...

5.9CVSS6.3AI score0.00161EPSS
Exploits0References19
OSV
OSV
added 2026/06/17 6:57 p.m.10 views

DRUPAL-CORE-2026-008

The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery. The URL discovery code could be leveraged to trick Drupal into making server-side requests to any URL...

3.1CVSS5.4AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50609

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...

5.5AI score0.00133EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 2:21 p.m.17 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS5.9AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 7:4 p.m.3 views

GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References5
OSV
OSV
added 2026/01/29 8:40 p.m.4 views

BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark

Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...

6.5CVSS5.9AI score0.00483EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:45 a.m.8 views

CVE-2017-6514

WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...

5.3CVSS6.4AI score0.03008EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References8
Hacker One
Hacker One
added 2025/10/14 4:8 p.m.21 views

Rocket.Chat: SSRF via Improper Redirect Validation in Rocket.Chat oEmbed Function

A vulnerability was discovered in Rocket.Chat version 7.10.1 where the oEmbed feature did not properly validate redirected URLs. This allowed an attacker to bypass SSRF protections and access internal network resources that would otherwise be unreachable...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-6221

Malware in sbrugna...

6.1CVSS7.6AI score0.02859EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-19226

Malware in sbrugna...

9.8CVSS9.5AI score0.01846EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0320

Malware in sbrugna...

9.3CVSS8AI score0.01752EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-6771

Malware in sbrugna...

7.5CVSS7.6AI score0.04084EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-2157

Malware in sbrugna...

4.3CVSS6AI score0.0225EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-56867

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-22460

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-14932

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder