EUVD-2026-37875
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
EEF-CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks
Summary: Server-Side Request Forgery (SSRF) vulnerability in the Erlang/OTP ftp ftp_internal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address...
CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store and tls_session_restore memcpy the caller-supplied address into a fixed-size buffer using the...
CVE-2026-48153
Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...
i18next-locize-backend path traversal vulnerability
i18next-locize-backend is an open-source plugin for internationalization resource loading and key storage by locize. Versions of i18next-locize-backend prior to 9.0.2 had a path traversal vulnerability. This vulnerability arises from directly inserting lng, ns, projectId, and version into the URL...
CVE-2026-42140
PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does...
CVE-2026-42140
The CVE covers the PlantUML Macro used in XWiki, where the vulnerability lies in the server parameter not being validated. Prior to version 2.4.1, an attacker can supply an arbitrary URL (including internal addresses) to the server parameter, causing the XWiki server to attempt to connect for ren...
EUVD-2026-25389
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...
EUVD-2026-21513
PraisonAIAgents: SSRF via unvalidated URL in webcrawl httpx fallback...
CVE-2026-34954
PraisonAI (praisonaiagents) contains an SSRF vulnerability in FileTools.download_file(): it only validates the destination path and passes the unvalidated url directly to httpx.stream() with follow_redirects=True, allowing an attacker-controlled URL to reach any host accessible from the server, in...
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
Jellysweep code issue vulnerability
Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...
LinkAce code issue vulnerability
LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Individual Developer. A code issue vulnerability exists in LinkAce 2.3.0 and prior versions that stems from a failure to validate that the target of a user-supplied URL is an internal or private network resource,...
GestioIP security vulnerability
GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. A security vulnerability exists in GestioIP 3.0 commit ac67be and prior versions, which stems from an unvalidated ip parameter that could lead to remote command execution...
PT-2024-24343 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 1.4.0. Description: The issue concerns the scrape image function, which retrieves an image based on a user-provided URL without validating whether the URL points to an external location, and lacks enforced rate limiting. The...
SUSE CVE-2020-13253
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process...
OESA-2022-1690 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action, available to both unauthenticated and authenticated users, before using it in the file_get_contents function and returning its content base64 encoded in the...
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
DEBIAN-CVE-2020-13253
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process...