Lucene search
K

121638 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40618

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests...

5.1CVSS5.7AI score0.0014EPSS
Exploits0References4
Grafana
Grafana
added 2026/05/13 12:0 a.m.11 views

Grafana plugin resources can lead to unbounded memory allocation

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/12 10:33 p.m.41 views

CVE-2026-44548 ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS0.0012EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 10:24 p.m.8 views

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the corsProxyMiddleware function. An attacker can access internal network services or sensitive metadata endpoints by supplying a crafted URL to the GET...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 10:16 p.m.6 views

CVE-2026-42196

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

9.9CVSS0.00564EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.11 views

EUVD-2026-29756

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS5.8AI score0.00471EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:24 p.m.6 views

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/12 9:24 p.m.8 views

EUVD-2026-29853

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

5CVSS5.8AI score0.00197EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 9:20 p.m.7 views

Server-side Request Forgery (SSRF)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can gain unauthorized read access to internal resources by tricking a user into visiting a maliciously...

7.4CVSS5.8AI score0.00471EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 9:9 p.m.48 views

EUVD-2026-29845

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 9:0 p.m.9 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the pagination parameter in the HTTP Request node. An attacker can execute arbitrary code on the instance by achieving global prototype pollution and chaining this with other...

9.9CVSS6.6AI score0.00632EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:58 p.m.9 views

CVE-2026-42196

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

9.9CVSS5.8AI score0.00564EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 8:58 p.m.31 views

CVE-2026-42196 django-s3file: Relative path traversal

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

9.9CVSS0.00564EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:49 p.m.9 views

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5CVSS5.9AI score0.00318EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 8:16 p.m.11 views

CVE-2026-34647

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS0.00471EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:50 p.m.32 views

CVE-2026-34647 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS0.00471EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:50 p.m.11 views

CVE-2026-34647 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS5.8AI score0.00471EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:50 p.m.9 views

CVE-2026-34647

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS5.8AI score0.00471EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2025-209801

An improper neutralization of special elements used in an SQL Command "SQL Injection&" vulnerability CWE-89 vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

7.2CVSS6AI score0.00359EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29495

Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800...

7.1CVSS5.8AI score0.00144EPSS
Exploits0References2
Rows per page
Query Builder