A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.3.3-beta is able to mitigate this issue. The patch is named aefaabfd7527188bfba3c8c9eee17c316d094802. It is recommended to upgrade the affected component. The project was informed beforehand and acted very professional: "We have implemented path validity checks on parameters for the template download interface (...)"

CVE Database V5

Detailed information about CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent affecting feiyuchuixue sz-boot-parent. Get real-time updates, technical 

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent

An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.

Detailed information about CVE-2025-69771: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-69771: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-69771: n/a

CVE-2025-50180 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting esm. sh version 136, a no-build CDN for web development. This flaw allows unauthenticated attackers to make the esm. sh server send arbitrary HTTP requests and retrieve full responses from internal or protected network resources. The vulnerability does not require user interaction or privileges and can lead to sensitive internal information disclosure. Version 137 of esm. sh addresses and fixes this issue. Although no known exploits are reported in the wild, the potential impact is significant due to the ability to bypass network boundaries and access internal services. Organizations using esm. sh version 136 should upgrade immediately to mitigate risk.

CVE-2025-50180 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, discovered in esm.sh version 136, a no-build CDN widely used in web development to serve JavaScript modules without requiring local builds. SSRF vulnerabilities allow attackers to abuse a vulnerable server to make HTTP requests to arbitrary URLs, including internal or protected network resources that are otherwise inaccessible externally. In this case, esm.sh version 136 permits an attacker to perform a full-response SSRF, meaning the attacker can not only trigger requests but also retrieve the full HTTP response content from internal endpoints. This can lead to unauthorized disclosure of sensitive information such as internal APIs, metadata services, or other protected resources. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network with low complexity. The CVSS 4.0 base score of 8.7 reflects these factors: network attack vector, no privileges or user interaction required, and high impact on confidentiality and integrity. The vulnerability was reserved in June 2025 and published in February 2026. Version 137 of esm.sh contains the fix, which likely involves input validation or request filtering to prevent SSRF exploitation. No known public exploits or active exploitation in the wild have been reported to date. However, given esm.sh's role as a CDN in modern web development, the vulnerability poses a serious risk to organizations relying on it for module delivery and internal resource protection.

Detailed information about CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh affecting esm-dev esm.sh. Get real-time updates, techni

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

Detailed information about CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain affecting Chia Blockchain. Get real-time updates, technical details, and

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.

Detailed information about CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600 a

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php

Detailed information about CVE-2024-27559: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-27559: n/a

CVE-2024-27559: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-3188: Path Traversal in feiyuchuixue sz-boot-parent

CVE-2025-69771: n/a

CVE-2025-50180: CWE-918: Server-Side Request Forgery (SSRF) in esm-dev esm.sh

CVE-2026-3193: Cross-Site Request Forgery in Chia Blockchain

CVE-2026-27849: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Linksys MR9600

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility