Lucene search
K

121697 matches found

Vulnrichment
Vulnrichment
added 2026/03/27 5:27 a.m.3 views

CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 4:56 a.m.26 views

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

5.4CVSS0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 4:56 a.m.2 views

CVE-2026-33559

WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/27 3:31 a.m.10 views

EUVD-2026-16525

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 2:16 a.m.3 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/03/27 1:33 a.m.8 views

CVE-2026-4907

CVE-2026-4907 affects Page-Replica Page Replica (Endpoint sitemap) where the function sitemap.fetch in /sitemap is vulnerable to server-side request forgery via manipulation of the url argument. This can be exploited remotely and there is reference to a publicly available exploit. The product use...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:53 a.m.2 views

CVE-2026-4906

A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.1AI score0.02604EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/27 12:53 a.m.14 views

CVE-2026-4906

CVE-2026-4906 affects Tenda AC5 firmware 15.03.06.47. The vulnerability resides in the decodePwd function of the /goform/WizardHandle POST Request Handler. By manipulating the WANT/WANS argument, an attacker can trigger a stack-based buffer overflow, with remote execution potential. Public disclo...

9CVSS8.1AI score0.02604EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/27 12:31 a.m.3 views

EUVD-2026-16476

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

9CVSS7.8AI score0.00632EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/27 12:31 a.m.5 views

EUVD-2026-16470

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

9CVSS8.1AI score0.00632EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/03/27 12:15 a.m.5 views

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

7.5CVSS5.3AI score0.00865EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-28416

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5CVSS6AI score0.00499EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.20 views

CVE-2026-30637

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

0.00499EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30637

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

6AI score0.00499EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/27 12:0 a.m.2 views

CVE-2026-30637

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

6AI score0.00499EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-28495

Name of the Vulnerable Software and Affected Versions WordPress Plugin OpenStreetMap versions affected versions not specified Description The OpenStreetMap WordPress plugin by MiKa has a cross-site scripting issue. A user logged in with page creation or editing rights can inject malicious script...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

elixir-nodejs 竞争条件问题漏洞

Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...

7.1CVSS5.8AI score0.00315EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

pyLoad 代码问题漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained code vulnerabilities. These vulnerabilities stemmed from the download engine accepting unverified arbitrary URLs, which could lead to server-side request forgeing attacks...

9.3CVSS6AI score0.00397EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

Fleet 安全漏洞

Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. A denial of service vulnerability exists in Fleet versions prior to...

8.7CVSS5.8AI score0.00434EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28686

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.05.16 Description A stack-based buffer overflow exists in the fromWizardHandle function of the /goform/WizardHandle file within the POST Request Handler component. Manipulation of the WANT/WANS argument can trigger this...

9CVSS6.2AI score0.00773EPSS
Exploits1References7
Rows per page
Query Builder