269 matches found
CVE-2026-12123
The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...
CVE-2026-60105
Monsta FTP before 2.14.5 contains a server-side request forgery (SSRF) in the fetchRemoteFile action due to an incomplete IP blocklist in isBlockedIP(), which fails to detect IPv4 addresses embedded in IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public...
PT-2026-56613
Name of the Vulnerable Software and Affected Versions Monsta FTP versions prior to 2.14.5 Description An unauthenticated attacker can trigger a server-side request forgery SSRF by bypassing an IP blocklist. The issue occurs in the fetchRemoteFile action due to an incomplete check in the isBlocked...
CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...
CVE-2026-11397
The CVE-2026-11397 entry concerns the WordPress plugin WP Import Export Lite (versions
BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...
CVE-2026-10134
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...
EUVD-2026-40404
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...
Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...
DRUPAL-CONTRIB-2026-049
The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...
CVE-2026-47260 Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...
CVE-2026-40002
Red Magic 11 Pro NX809J contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific...
CVE-2026-33362
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...
NocoDB: Server-Side Request Forgery via Database Connection Host
Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...
MAL-2026-5267 Malicious code in wrangler-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...
PT-2026-45047
Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.3.5 Description Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...
CVE-2026-45310
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...
PT-2026-44731
Name of the Vulnerable Software and Affected Versions Trestle affected versions not specified Description Security issues were discovered in the trestle/core/remote/cache.py module. The HTTPSFetcher. do fetch function passes a user-supplied URL directly to requests.get without validation, enablin...
CVE-2026-47076
Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...