CVE-2026-53607

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...

CVE-2026-53607 @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...

CVE-2026-53607

Technical details are not publicly available in the provided documents. Monitor for updates and confirm when patched versions or advisories are published.

PT-2026-48991

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...

CVE-2025-22563 WordPress Pretty Urls Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in faaiq Pretty Url pretty-url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through = 1.5.5...

CVE-2025-22563 WordPress Pretty Urls Plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through 1.5.4...

CVE-2025-22563

CVE-2025-22563 : Cross-Site Request Forgery (CSRF) vulnerability in the Pretty Url (WordPress plugin) affecting versions up to 1.5.4. The available connected documents confirm the CSRF nature and affected version, but do not provide exploitation details or a confirmed fixed version. No further te...

WordPress Pretty Urls Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Pretty Url versions = 1.5.5...

Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url...

Drupal Core Multiple Security Vulnerabilities (SA-CORE-2018-006) - Linux

Drupal is prone to multiple security vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...