121565 matches found

Vulnrichment
added 2026/04/08 8:30 a.m. | 1 view

CVE-2026-39521 WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery. This issue affects Nelio Content: from n/a through <= 4.3.1...

5.8 AI score | 0.00145 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m. | 3 views

CVE-2026-39464

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8...

5.9 AI score | 0.00186 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/08 8:30 a.m. | 0 views

CVE-2026-39464 WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8...

5.5 CVSS | 5.8 AI score | 0.00186 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2026/04/08 5:18 a.m. | 5 views

freerdp: FreeRDP heap-use-after-free

A heap use-after-free flaw has been discovered in FreeRDP. A race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it...

8.1 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits: 1 | References: 6
Patchstack
added 2026/04/08 1:44 a.m. | 5 views

WordPress Quran Translations plugin <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form vulnerability

Cross-Site Request Forgery to Playlist Settings Form vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Quran Translations versions <= 1.7...

4.3 CVSS | 5.9 AI score | 0.0016 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/04/08 1:24 a.m. | 6 views

CVE-2026-3499

Product Feed PRO for WooCommerce (AdTribes) for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6–13.5.2.1 due to missing/incorrect nonce validation on AJAX endpoints: ajax_migrate_to_custom_post_type, ajax_adt_clear_custom_attributes_product_meta_keys, ajax_update_file_url...

8.8 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/08 1:24 a.m. | 17 views

CVE-2026-3499 Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative Actions

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajax_migrate_to_custom_post_type,...

8.8 CVSS | 0.00165 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/08 12:30 a.m. | 1 view

EUVD-2026-19992

The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...

5.4 CVSS | 5.8 AI score | 0.00161 EPSS
Exploits: 0 | References: 7
Snyk
added 2026/04/08 12:16 a.m. | 3 views

Directory Traversal

Overview: @hono/node-server is a Node.js Adapter for Hono. Affected versions of this package are vulnerable to Directory Traversal due to inconsistent handling of repeated slashes in the serveStatic process. An attacker can access sensitive static files that are intended to be protected by bypassin...

6.9 CVSS | 6.3 AI score | 0.00376 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/08 12:08 a.m. | 9 views

EUVD-2026-19886

WWBN AVideo: allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (incomplete fix for CVE-2026-27732)...

8.6 CVSS | 5.9 AI score | 0.00235 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/08 12:00 a.m. | 2 views

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

6.1 AI score | 0.00605 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/08 12:00 a.m. | 1 view

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

6.1 AI score | 0.00492 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/08 12:00 a.m. | 17 views

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

0.00605 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/08 12:00 a.m. | 2 views

PT-2026-31387

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

7.5 CVSS | 6.2 AI score | 0.00605 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/08 12:00 a.m. | 5 views

PT-2026-31232

CVE-2026-39670: Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery. This issue affects Visual Link P… https://t.co/gG1042ZMnD...

6 CVSS | 5.8 AI score | 0.00159 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/08 12:00 a.m. | 9 views

CVE-2025-50665

CVE-2025-50665 describes a buffer overflow in the D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of input parameters to the /web_keyword.asp endpoint. A crafted HTTP GET request using parameters such as name, en, time, mem_gb2312, and mem_utf8 can trigger the vulnerability. The ...

7.5 CVSS | 6.2 AI score | 0.00599 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/08 12:00 a.m. | 2 views

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

6.1 AI score | 0.00492 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/08 12:00 a.m. | 6 views

QD Security Vulnerability

QD is a task scheduling and automatic execution tool developed by QD OpenSource. There is a security vulnerability in QD 20230821, which stems from a specially crafted request and may lead to server-side request forgery...

9.1 CVSS | 5.9 AI score | 0.00241 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/08 12:00 a.m. | 3 views

PT-2026-31328

Name of the Vulnerable Software and Affected Versions: QD 20230821 (affected versions not specified). Description: QD 20230821 is susceptible to a Server-side request forgery (SSRF) condition. This occurs when a crafted request is processed, allowing for potential unauthorized access or actions on...

9.1 CVSS | 5.8 AI score | 0.00241 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/04/08 12:00 a.m. | 18 views

CVE-2025-50671

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, userid, shibiename, time,...

0.00492 EPSS
Exploits: 0 | References: 2