Lucene search
K

6 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15508 Helicone ai-gateway AWS Metadata Service service.rs build_target_url server-side request forgery

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 4 days ago17 views

CVE-2026-15508

Helicone ai-gateway (up to 0.2.0-beta.30) is affected. The flaw is in the AWS Metadata Service component, specifically the build_target_url function in ai-gateway/src/dispatcher/service.rs, where manipulating extracted_path_and_query can trigger server-side request forgery. Exploitation is possib...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57575

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build target url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted path and query can lead to server-side request...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 5:14 p.m.10 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/07 9:28 p.m.15 views

Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder