Lucene search
K

2897 matches found

snyk
snyk
added 2026/04/20 6:14 a.m.9 views

Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processaudioblock function. An attacker can make unauthorized requests to internal or external systems by supplying crafte...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/19 12:0 a.m.10 views

kodcloud KodExplorer 安全漏洞

KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions of KodCloud KodExplorer 4.52 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter fileUrl in files/app/controller/share.class.php, which...

7.5CVSS7.1AI score0.00414EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/04/18 11:6 a.m.183 views

Exploit for Incorrect Resource Transfer Between Spheres in Openclaw

CVE-2026-25253: One-Click RCE in OpenClaw via Auth Token Theft...

8.8CVSS5.9AI score0.08016EPSS
Exploits5
nvd
nvd
added 2026/04/17 7:16 a.m.8 views

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

7.5CVSS0.00901EPSS
Exploits0References12
attackerkb
attackerkb
added 2026/04/17 6:44 a.m.3 views

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

7.5CVSS5.8AI score0.00901EPSS
Exploits0References13
snyk
snyk
added 2026/04/16 9:25 p.m.9 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection in the cloneServer.json.php endpoint of the CloneSite plugin, where user-controlled input is concatenated into a shell command without proper...

9.8CVSS6AI score0.02221EPSS
Exploits1References2
github
github
added 2026/04/14 10:33 p.m.9 views

XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/04/14 9:16 p.m.8 views

CVE-2026-34160

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

8.6CVSS0.00344EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/14 7:23 p.m.8 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

6.1CVSS6.1AI score0.00229EPSS
Exploits1References1
cnvd
cnvd
added 2026/04/14 12:0 a.m.8 views

Totolink A3002MU formWlanSetup file wan-url parameter stack buffer overflow vulnerability

Totolink A3002MU is a wireless router product that provides network connectivity and wireless access. A stack buffer overflow vulnerability exists in the Totolink A3002MU. The vulnerability stems from a failure to properly handle the wan-url parameter in the HTTP request handling component, which...

9CVSS8.3AI score0.00472EPSS
Exploits0
nvd
nvd
added 2026/04/13 10:16 p.m.2 views

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS0.0029EPSS
Exploits0References57
cvelist
cvelist
added 2026/04/13 9:52 p.m.55 views

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7CVSS0.0029EPSS
Exploits0References8
osv
osv
added 2026/04/13 9:52 p.m.10 views

PSF-2026-17

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References8
cve
cve
added 2026/04/13 6:57 a.m.14 views

CVE-2026-5936

The CVE-2026-5936 entries describe a Server-Side Request Forgery (SSRF) in the Foxit PDF Services API, where an attacker can craft a URL to cause the server to initiate requests to arbitrary destinations. Affected component: Foxit PDF Services API (server-side URL handling). Reported impact inclu...

9.8CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/04/10 9:31 p.m.4 views

EUVD-2026-21579

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the docurl parameter during document upload...

5.3CVSS5.9AI score0.00222EPSS
Exploits0References4
osv
osv
added 2026/04/10 8:59 p.m.6 views

GHSA-FF24-4PRJ-GPMJ Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Summary The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an...

7.2CVSS5.8AI score0.00621EPSS
Exploits1References4
github
github
added 2026/04/10 8:59 p.m.10 views

Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint

Summary The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation. The server's response is returned directly to the caller. type. This constitutes an...

7.2CVSS5.8AI score0.00621EPSS
Exploits1References4Affected Software1
github
github
added 2026/04/10 5:32 p.m.29 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/04/09 7:27 p.m.5 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/09 12:0 a.m.3 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.3AI score0.00279EPSS
Exploits1References3
Rows per page
Query Builder