CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

168 matches found

RedhatCVE•added 2026/05/08 2:21 p.m.•4 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS5.9AI score0.00034EPSS

Exploits0References1

OSV•added 2026/03/19 7:4 p.m.•1 views

GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.9AI score0.00015EPSS

Exploits0References5

OSV•added 2026/01/29 8:40 p.m.•2 views

BIT-GHOST-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark

Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...

6.5CVSS5.9AI score0.00017EPSS

Exploits1References5

RedhatCVE•added 2026/01/07 9:45 a.m.•5 views

CVE-2017-6514

WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information Path Disclosure via a /wp-json/oembed/1.0/embed?url= request, related to the "authorname":" substring...

5.3CVSS6.4AI score0.01375EPSS

Exploits0References1

Positive Technologies•added 2026/01/01 12:0 a.m.•0 views

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

6.3CVSS5.9AI score0.00015EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0320

Malware in sbrugna...

9.3CVSS8AI score0.00735EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-6221

Malware in sbrugna...

6.1CVSS7.6AI score0.07679EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-6771

Malware in sbrugna...

7.5CVSS7.6AI score0.07246EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-2157

Malware in sbrugna...

4.3CVSS6AI score0.01357EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-19226

Malware in sbrugna...

9.8CVSS9.5AI score0.00418EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-14932