ChanCMS <= 3.3.0 - Server-Side Request Forgery

yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...

IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS / 9.4.5.1 (7271941)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271941 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may...

CVE-2026-41403 OpenClaw < 2026.3.31 - Access Control Bypass via Proxied Remote Request Misclassification

OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass access controls by sending proxied requests that are incorrectly identified as local loopback traffic,...

CVE-2026-41302

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

PT-2026-33869

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...

OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

GHSA-3XV9-89FM-7H4R OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled

Summary diffs viewer misclassifies proxied remote requests as loopback when allowRemoteViewer is disabled Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but...

CVE-2026-32916

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent...

CVE-2026-24964

Server-Side Request Forgery SSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through = 28.1.2.1...

CVE-2026-33502

Summary (CVE-2026-33502) AVideo (open-source video platform) contains an unauthenticated SSRF via plugin/Live/test.php. In affected versions

CVE-2026-3478

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

USN-7976-1 node-form-data vulnerability

Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems...

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVE-2025-15104

Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

PT-2026-3253

Name of the Vulnerable Software and Affected Versions Nu Html Checker versions prior to commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd Description The Nu Html Checker validator.nu is susceptible to a restriction bypass that enables remote attackers to initiate arbitrary HTTP/HTTPS requests to...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the JWTSecretKey argument in the JWT Secret Handler. An attacker can gain unauthorized access to sensitive information by exploiting the use of a hard-coded cryptographic key in remote requests...

EUVD-2025-204295

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...