Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Tag: cwe-918 Clear
ID Title
CVE-2026-10564 SSRF (Server-Side Request Forgery) in c (CVE-2026-10564)
SSRF in c (CVE-2026-10564). Confidential information can be exposed externally.
CVE-2026-13773 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13773)
SSRF in ssrf (CVE-2026-13773). Risk of unauthorized operations or information disclosure.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-57940 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57940)
SSRF in ssrf (CVE-2026-57940). Risk of unauthorized operations or information disclosure.
CVE-2026-8661 Cross-Site Scripting (XSS) in CVE-2026-8661 (CVE-2026-8661)
cross-site scripting in CVE-2026-8661 (CVE-2026-8661). Risk of unauthorized operations or information disclosure.
CVE-2026-47389 Vulnerability in c (CVE-2026-47389)
vulnerability in c (CVE-2026-47389). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.10` or later.
CVE-2026-53946 SSRF (Server-Side Request Forgery) in CVE-2026-53946 (CVE-2026-53946)
SSRF in CVE-2026-53946 (CVE-2026-53946). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.21.1` or later.
CVE-2026-53945 Vulnerability in CVE-2026-53945 (CVE-2026-53945)
vulnerability in CVE-2026-53945 (CVE-2026-53945). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.21.1` or later.
CVE-2026-53944 Vulnerability in CVE-2026-53944 (CVE-2026-53944)
vulnerability in CVE-2026-53944 (CVE-2026-53944). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.21.1` or later.
CVE-2026-50221 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
CVE-2026-55599 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55599)
SSRF in ssrf (CVE-2026-55599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.30` or later.
CVE-2026-56342 SSRF (Server-Side Request Forgery) in CVE-2026-56342 (CVE-2026-56342)
SSRF in CVE-2026-56342 (CVE-2026-56342). Confidential information can be exposed externally.
CVE-2026-55791 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
CVE-2026-49359 SSRF (Server-Side Request Forgery) in pontedilana/php-weasyprint (CVE-2026-49359)
SSRF in pontedilana/php-weasyprint (CVE-2026-49359). Confidential information can be exposed externally. Exploitable via ``attachment``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-48782 SSRF (Server-Side Request Forgery) in pydantic-ai-slim (CVE-2026-48782)
SSRF in pydantic-ai-slim (CVE-2026-48782). Confidential information can be exposed externally. Exploitable via ``FileUrl``. Mitigation: upgrade to `2.0.0b3` or later.
CVE-2026-49860 SSRF (Server-Side Request Forgery) in deno (CVE-2026-49860)
SSRF in deno (CVE-2026-49860). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49859 Vulnerability in deno (CVE-2026-49859)
vulnerability in deno (CVE-2026-49859). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-50168 Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-12210 SSRF (Server-Side Request Forgery) in CVE-2026-12210 (CVE-2026-12210)
SSRF in CVE-2026-12210 (CVE-2026-12210). Risk of unauthorized operations or information disclosure.
CVE-2026-53607 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
SSRF in ssrf (CVE-2026-53607). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``.
CVE-2026-53782 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
CVE-2026-46698 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
CVE-2026-46697 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
CVE-2026-48998 Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
CVE-2026-11469 SSRF (Server-Side Request Forgery) in CVE-2026-11469 (CVE-2026-11469)
SSRF in CVE-2026-11469 (CVE-2026-11469). Risk of unauthorized operations or information disclosure.
CVE-2026-43986 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
CVE-2026-10771 A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-10581 SSRF (Server-Side Request Forgery) in CVE-2026-10581 (CVE-2026-10581)
SSRF in CVE-2026-10581 (CVE-2026-10581). Risk of unauthorized operations or information disclosure.
CVE-2026-10287 SSRF (Server-Side Request Forgery) in CVE-2026-10287 (CVE-2026-10287)
SSRF in CVE-2026-10287 (CVE-2026-10287). Risk of unauthorized operations or information disclosure.
CVE-2026-10517 SSRF (Server-Side Request Forgery) in github.com/quay/claircore (CVE-2026-10517)
SSRF in github.com/quay/claircore (CVE-2026-10517). Risk of unauthorized operations or information disclosure.
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-44492 Vulnerability in axios (CVE-2026-44492)
vulnerability in axios (CVE-2026-44492). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-48522 Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-5737 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
SSRF in wordpress (CVE-2026-5737). Risk of unauthorized operations or information disclosure.
CVE-2026-47157 SSRF (Server-Side Request Forgery) in aiograpi (CVE-2026-47157)
SSRF in aiograpi (CVE-2026-47157). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.10` or later.
CVE-2026-46683 SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-46561 SSRF (Server-Side Request Forgery) in pyload-ng (CVE-2026-46561)
SSRF in pyload-ng (CVE-2026-46561). Risk of unauthorized operations or information disclosure. Exploitable via ``PREREQFUNCTION``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
CVE-2026-46391 Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-33234 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
CVE-2026-45660 SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
CVE-2021-47958 SSRF (Server-Side Request Forgery) in CVE-2021-47958 (CVE-2021-47958)
SSRF in CVE-2021-47958 (CVE-2021-47958). Risk of unauthorized operations or information disclosure.
CVE-2026-45619 Vulnerability in WWBN/AVideo (CVE-2026-45619)
vulnerability in WWBN/AVideo (CVE-2026-45619). Confidential information can be exposed externally. Exploitable via ``EpgParser.php``.
CVE-2026-44661 SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
CVE-2026-44520 Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
CVE-2026-43929 Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
CVE-2026-43897 SSRF (Server-Side Request Forgery) in link-preview-js (CVE-2026-43897)
SSRF in link-preview-js (CVE-2026-43897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →