170 matches found
PT-2026-50609
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...
CVE-2026-34428
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...
GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass
Impact: The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...
BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...
CVE-2017-6514
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring...
PT-2026-26486
Name of the Vulnerable Software and Affected Versions: league/commonmark versions 2.3.0 through 2.8.1. Description: The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...
Rocket.Chat: SSRF via Improper Redirect Validation in Rocket.Chat oEmbed Function
A vulnerability was discovered in Rocket.Chat version 7.10.1 where the oEmbed feature did not properly validate redirected URLs. This allowed an attacker to bypass SSRF protections and access internal network resources that would otherwise be unreachable...
EUVD-2019-19226
Malware in sbrugna...
EUVD-2019-0320
Malware in sbrugna...
EUVD-2017-6221
Malware in sbrugna...
EUVD-2016-6771
Malware in sbrugna...
EUVD-2013-2157
Malware in sbrugna...
EUVD-2023-0141
Malicious code in bioql PyPI...
EUVD-2025-29242
Malicious code in bioql PyPI...
EUVD-2024-22460
Malicious code in bioql PyPI...
EUVD-2025-18664
Malicious code in bioql PyPI...
EUVD-2025-14932
Malicious code in bioql PyPI...
EUVD-2023-40421
Malicious code in bioql PyPI...
EUVD-2023-1196
Malicious code in bioql PyPI...
EUVD-2023-56867
Malicious code in bioql PyPI...