Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31997

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with follow redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 5:17 p.m.3 views

CVE-2026-35037

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...

7.2CVSS0.00289EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-32828

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 7:21 a.m.3 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS5.9AI score0.00289EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-26462

Name of the Vulnerable Software and Affected Versions Kargo versions 1.4.0 through 1.6.3 Kargo versions 1.7.0-rc.1 through 1.7.8 Kargo versions 1.8.0-rc.1 through 1.8.11 Kargo versions 1.9.0-rc.1 through 1.9.4 Description Kargo's built-in http and http-download promotion steps allow Server-Side...

5.1CVSS5.9AI score0.00328EPSS
Exploits0References7
NVD
NVD
added 2024/11/04 2:15 p.m.18 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.10 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS7.2AI score0.00472EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.19 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.6 views

PT-2024-34622 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: AppSmith Community versions 1.8.3 through 1.46 Description: The issue allows for Server-Side Request Forgery SSRF via the New DataSource feature for application/json requests to the IP address 169.254.169.254, which is used to retrieve AWS...

8.5CVSS6.9AI score0.00472EPSS
Exploits1References13
Rows per page
Query Builder