CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

EUVD-2026-34182

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

PT-2026-46302

Name of the Vulnerable Software and Affected Versions Axios versions 1.7.0 through 1.15.x Description Axios fails to enforce configured request and response size limits when using the fetch adapter. This occurs when applications explicitly set adapter: 'fetch', use a configuration where fetch is...

PT-2026-46853

Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...

PT-2026-46889

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

PT-2026-46237

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the 'over-correlation' endpoint where the order query parameter is accepted from user-controlled named request parameters. This allows an...

PT-2026-46199

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell...

PT-2026-46763

Name of the Vulnerable Software and Affected Versions Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns versions prior to 6.1.4 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server-side application to mak...

PT-2026-46863

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

Kibana 9.3.x < 9.3.3 SSRF (ESA-2026-40)

The version of Kibana installed on the remote host is 9.3.x prior to 9.3.3. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-40 advisory. - Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the...

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

CVE-2026-10771

CVE-2026-10771 affects crmeb_crmeb_java 1.4. The vulnerability targets the function RestTemplate.getForEntity in the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint . Manipulating the argument url results in a server-side request...

CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

Server-side Request Forgery (SSRF)

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...

Server-side Request Forgery (SSRF)

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML rendering process when the...

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...

CVE-2026-20230

A vulnerability in Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct server-side request forgery SSRF attacks through an affected device. This vulnerability ...