MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint

Summary An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environme...

CVE-2026-23693

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

EUVD-2003-0311

Malware in sbrugna...

EUVD-2016-6617

Malware in sbrugna...

EUVD-2015-1017

Malware in sbrugna...

EUVD-2021-25700

Malware in sbrugna...

EUVD-2015-3031

Malware in sbrugna...

EUVD-2020-30801

Malware in sbrugna...

EUVD-2015-7692

Malware in sbrugna...

EUVD-2015-1010

Malware in sbrugna...

EUVD-2024-28064

Malicious code in bioql PyPI...

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

cors-anywhere vulnerable to server-side request forgery

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

CVE-2020-36851

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

CVE-2020-36851

CVE-2020-36851 affects cors-anywhere/server-side proxy configurations that run as an open proxy. The issue allows unauthenticated external users to induce the proxy to make HTTP requests to arbitrary targets (SSRF) because the proxy forwards requests and headers, enabling access to internal endpo...

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets SSRF. Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

cors-anywhere 安全漏洞

cors-anywhere is a NodeJS reverse proxy by Rob Wu, a personal developer. A security vulnerability exists in cors-anywhere that stems from allowing an unauthenticated external user when configured as an open proxy to trick the server into making HTTP requests to arbitrary targets, which could lead...