121698 matches found

Patchstack
added 2026/03/27 11:21 a.m. | 6 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions <= 8.8.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/03/27 11:0 a.m. | 126 views

msfpro

msfpro 🔥 Lightweight Web Exploitation Framework for Bug Bou...

AI score 6
Exploits: 0

Microsoft CVE
added 2026/03/27 8:1 a.m. | 2 views

Squid vulnerable to Denial of Service in ICP Request handling

...

CVSS 9.2 | AI score 5.8 | EPSS 0.08942
Exploits: 0

Snyk
added 2026/03/27 7:20 a.m. | 5 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in the BedrockProxyChatModel function. An attacker can cause the server to send HTTP requests to unintended internal or external destinations by...

CVSS 9.2 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 2

Snyk
added 2026/03/27 7:20 a.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in the BedrockProxyChatModel function. An attacker can cause the server to send HTTP requests to unintended internal or external destinations by...

CVSS 9.2 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/27 6:31 a.m. | 7 views

Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

CVSS 8.6 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2026/03/27 6:16 a.m. | 10 views

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVSS 5.4 | EPSS 0.00177
Exploits: 0 | References: 2

CVE
added 2026/03/27 5:33 a.m. | 32 views

CVE-2026-22743

CVE-2026-22743 affects Spring AI’s spring-ai-neo4j-store, specifically the Cypher injection in the Neo4jVectorFilterExpressionConverter. A user-controlled string used as a filter expression key is embedded into a backtick-delimited Cypher property accessor (node.metadata.) after stripping only do...

CVSS 7.5 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/27 5:27 a.m. | 3 views

CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

CVSS 8.6 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 1

Cvelist
added 2026/03/27 4:56 a.m. | 26 views

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVSS 5.4 | EPSS 0.00177
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/27 4:56 a.m. | 2 views

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 2

EUVD
added 2026/03/27 3:31 a.m. | 10 views

EUVD-2026-16525

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

CVSS 6.5 | AI score 6.1 | EPSS 0.00206
Exploits: 0 | References: 5

NVD
added 2026/03/27 2:16 a.m. | 3 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

CVSS 6.5 | EPSS 0.00206
Exploits: 0 | References: 4

CVE
added 2026/03/27 1:33 a.m. | 8 views

CVE-2026-4907

CVE-2026-4907 affects Page-Replica Page Replica (Endpoint sitemap) where the function sitemap.fetch in /sitemap is vulnerable to server-side request forgery via manipulation of the url argument. This can be exploited remotely and there is reference to a publicly available exploit. The product use...

CVSS 6.5 | AI score 6.1 | EPSS 0.00206
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/27 12:53 a.m. | 2 views

CVE-2026-4906

A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed...

CVSS 9 | AI score 8.1 | EPSS 0.02604
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/03/27 12:53 a.m. | 14 views

CVE-2026-4906

CVE-2026-4906 affects Tenda AC5 firmware 15.03.06.47. The vulnerability resides in the decodePwd function of the /goform/WizardHandle POST Request Handler. By manipulating the WANT/WANS argument, an attacker can trigger a stack-based buffer overflow, with remote execution potential. Public disclo...

CVSS 9 | AI score 8.1 | EPSS 0.02604
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/03/27 12:31 a.m. | 3 views

EUVD-2026-16476

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits: 1 | References: 6

EUVD
added 2026/03/27 12:31 a.m. | 5 views

EUVD-2026-16470

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVSS 9 | AI score 8.1 | EPSS 0.00632
Exploits: 1 | References: 6

Debian CVE
added 2026/03/27 12:15 a.m. | 5 views

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

CVSS 7.5 | AI score 5.3 | EPSS 0.00865
Exploits: 1

Positive Technologies
added 2026/03/27 12:0 a.m. | 3 views

PT-2026-28416

Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

CVSS 7.5 | AI score 6 | EPSS 0.00499
Exploits: 1 | References: 2