9898 matches found
CVE-2026-49867
DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...
CVE-2026-52865
CVE-2026-52865 affects the NGINX Ingress Controller. When processing Ingress or TransportServer resources, an authenticated remote attacker with write access to create/modify those resources can cause the NGINX Ingress Controller process to terminate, leading to a persistent crash loop in the con...
EUVD-2026-44681
When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...
CVE-2026-52865 NGINX Ingress Controller vulnerability
When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...
CVE-2026-55723 NGINX Ingress Controller vulnerability
When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...
CVE-2026-61646 FastGPT: Shared axios SSRF guard validates only the initial URL before following redirects
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...
XStream <1.4.15 - Server-Side Request Forgery
XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...
MeterSphere < 2.5.0 SSRF
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
WebMvc.fn/WebFlux.fn - Path Traversal
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
Liferay Portal - Open Redirect
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...
Spring Framework - Path Traversal
Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...
LyLme spage v1.9.5 - Server-Side Request Forgery
LyLme spage v1.9.5 is vulnerable to server-side request forgery SSRF via the url parameter in apply/index.php. An attacker can force the server to make arbitrary requests, potentially accessing internal resources. id: CVE-2024-36675 info: name: LyLme spage v1.9.5 - Server-Side Request Forgery...
MagicMirror <= 2.35.0 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...
EspoCRM <= 9.3.3 - Server-Side Request Forgery
EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...
Astro SSR - Server-Side Request Forgery
Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...
CVE-2026-24271
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-50676
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Media allows an authorized attacker to elevate privileges locally...
CVE-2026-49788
Allocation of resources without limits or throttling in HTTP/2 allows an unauthorized attacker to deny service over a network...
CVE-2026-54996
CVE-2026-54996 describes a race condition in the Windows USB Print Driver caused by concurrent access to a shared resource with improper synchronization. An authorized local attacker could elevate privileges. The entry provides CVSS 3.1 base score 7.0 (High) with local attack vector, high impact ...
Windows Runtime Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Runtime allows an authorized attacker to elevate privileges locally...