CVE-2026-29925EXPLOITED

n/a · n/a

CVE-2026-29925: Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

Description

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-29925 | Invoice Ninja 5.12.46/5.12.48 CheckDatabaseRequest.php server-side request forgery

→ No new info (linked only)

CVSS 3.17.7 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

PublishedMar 30, 2026

Last enriched3h agov2

Trending Score58

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-30562EXP

CVE-2026-30562: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner

Trending: 62

MEDIUMCVE-2026-29909EXP

CVE-2026-29909: MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/f

Trending: 60

HIGHCVE-2026-29954EXP

CVE-2026-29954: In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing th

Trending: 54

HIGHCVE-2026-29953EXP

CVE-2026-29953: SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins

Trending: 54

HIGHCVE-2026-33643EXP

CVE-2026-33643: SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file pl

Trending: 54

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Actively Exploited

Mar 30, 2026

Updated: severity, activelyExploited

Mar 30, 2026

Version History

Last enriched 3h ago

v2Tier C3h ago

Updated severity to CRITICAL, marked as actively exploited, and corrected exploit availability to false.

severityactivelyExploited

via VulDB

v13h ago

Initial creation