121568 matches found
CVE-2026-36756
CVE-2026-36756 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14. The authenticated attacker can trigger the vulnerability via a crafted GET request to the endpoint /plugins/-/install-from-uri , enabling internal resource scanning. The NVD entry provides a CVSS v3.1 base score of 5....
Halo 代码问题漏洞
Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo contains a code vulnerability. This vulnerability stems from the /themes/name/upgrade-from-uri endpoint, where server-side request forgeing exists. This could allow authenticated...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
EUVD-2025-209598
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
CVE-2026-36756
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26384
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26399
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
chartbrew 访问控制错误漏洞
Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...
PT-2026-36133
Name of the Vulnerable Software and Affected Versions shopizer version 3.2.5 Description A path traversal issue in the '/content/images/add' endpoint allows attackers to write arbitrary files to any writable path using a crafted POST request. Path traversal is a technique that allows an attacker ...
CVE-2026-36764
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2025-46115
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
PT-2026-36117
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
U-SPEED N300 跨站请求伪造漏洞
The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a cross-site request forgery vulnerability. This vulnerability stems from the lack of a mechanism to protect against cross-site request forgery in the web management interface. This...
PT-2026-36118
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26385
A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26401
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
CVE-2026-36759
A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2025-46115
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request...
HP Printer Cross-Site Request Forgery (CVE-2009-0940)
Multiple cross-site request forgery CSRF vulnerabilities in the HP Embedded Web Server EWS on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that 1 print documents via unknown vectors, 2 modif...