42519 matches found
GeoServer Demo Request Endpoint - Server Side Request Forgery
It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...
GO-2026-5409 Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana
Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)
Last week, there were 146 vulnerabilities disclosed in 127 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...
UBUNTU-CVE-2026-2050
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-2050
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-53689
creationtimestamp | type | source
---|---|---
2026-06-24 13:20:08+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mozyxzm7v72z...
CVE-2026-12321 vulnerabilities
Vulnerabilities for packages: firefox...
CVE-2026-46785
creationtimestamp | type | source
---|---|---
2026-06-17 05:31:59+00:00 | seen | https://www.acn.gov.it/portale/w/critical-patch-update-di-oracle-8
2026-06-18 12:37:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3moktrm6nvw2z...
CVE-2026-35319
...
CVE-2026-11676 vulnerabilities
Vulnerabilities for packages: chromium...
PT-2026-48873
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 6.37.0. Description: Ghost is a Node.js content management system. When deployed behind a shared caching layer that shares content between different visitors, an unauthenticated user can send an x-ghost-preview header to...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were 160 vulnerabilities disclosed in 143 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 97 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVE-2026-2049
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-9716
creationtimestamp | type | source
---|---|---
2026-06-10 01:56:40+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-schneider-electric-12
2026-06-25 17:15:24+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-07...
CVE-2026-9650
creationtimestamp | type | source
---|---|---
2026-06-10 01:56:40+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-schneider-electric-12...
CVE-2026-11283
A policy bypass flaw was found in the Shortcuts component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502069297...
CVE-2026-11184
An insufficient policy enforcement flaw was found in the Actor component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502777516...
WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Some...
GHSA-88C6-WRWV-4CJQ vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-37336
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewmusic.php...