| CVE-2026-10586 | 2026-06-05 | The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `sav… |
| CVE-2026-43986 | 2026-06-04 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled entries from `image_hash… |
| CVE-2026-10771 | 2026-06-03 | A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the componen… |
| CVE-2026-26379 | 2026-06-03 | Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning a… |
| CVE-2026-20230 | 2026-06-03 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacke… |
| CVE-2026-10690 | 2026-06-03 | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation o… |
| CVE-2026-10662 | 2026-06-02 | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the compone… |
| CVE-2026-49120 | 2026-06-02 | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR… |
| CVE-2026-10583 | 2026-06-02 | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configura… |
| CVE-2026-10581 | 2026-06-02 | A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side r… |
| CVE-2026-49139 | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by sup… |
| CVE-2026-49138 | 2026-06-01 | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL tha… |
| CVE-2026-10287 | 2026-06-01 | A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes se… |
| CVE-2026-10280 | 2026-06-01 | A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. Th… |
| CVE-2026-10276 | 2026-06-01 | A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bui… |
| CVE-2026-10274 | 2026-06-01 | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the compo… |
| CVE-2026-49328 | 2026-06-01 | Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal o… |
| CVE-2026-10517 | 2026-06-01 | A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not c… |
| CVE-2026-10241 | 2026-06-01 | A security flaw has been discovered in jeecgboot up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the compo… |
| CVE-2026-10240 | 2026-06-01 | A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side r… |