CVE-2020-37241

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

CLSA-2026-1778946135 subversion: Fix of CVE-2018-11782

CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...

subversion: Fix of CVE-2018-11782

CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...

CVE-2021-47981 Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

EUVD-2021-34834

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

EUVD-2021-34841

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

CVE-2021-47954 LayerBB 1.1.4 SQL Injection via search_query Parameter

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

CVE-2021-47934

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php...

CLSA-2026-1778756991 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 — Next.js WebSocket Upgrade SSRF Pre-authentic...

Server-Side Request Forgery

esm.sh is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...

Server-Side Request Forgery (SSRF)

github.com/centrifugal/centrifug is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of dynamic JWKS endpoint template variables, which allows an unauthenticated attacker to craft a malicious JWT with manipulated iss or aud claims to force Centrifugo t...

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

PT-2026-41420

Name of the Vulnerable Software and Affected Versions Essential Chat Support versions prior to 1.0.2 Description The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing...

PT-2026-41467

Name of the Vulnerable Software and Affected Versions Quick.CMS version 6.7 Description An issue in the sliders form allows authenticated attackers to inject malicious scripts by submitting payloads through the sDescription parameter. This can be achieved by crafting CSRF Cross-Site Request Forge...

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

MyBB Timeline Plugin 跨站脚本漏洞

The MyBB Timeline Plugin is a plugin provided by MyBB Corporation that offers dynamic timeline displays and social activity stream functions for MyBB forums. Version 1.0 of the MyBB Timeline Plugin contained a cross-site scripting vulnerability. This vulnerability stemmed from cross-site scriptin...

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1699)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1699 advisory. When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Tenable has extracted the preceding description block...

PT-2026-41451

Name of the Vulnerable Software and Affected Versions LayerBB version 1.1.4 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending POST requests to the '/search.php' endpoint using malicious values in the...