Lucene search
+L

755 matches found

cnnvd
cnnvd
added 2026/05/09 12:0 a.m.13 views

Linkwarden 代码问题漏洞

Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden prior to 2.13.0 had code vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the fetchTitleAndHeaders function, which only checked the http:// or...

9.1CVSS6AI score0.00285EPSS
Exploits0References1
osv
osv
added 2026/05/08 10:17 p.m.4 views

CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS6AI score0.00228EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/08 10:17 p.m.59 views

CVE-2026-44286 FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS0.00228EPSS
Exploits0References2
cve
cve
added 2026/05/08 10:17 p.m.28 views

CVE-2026-44286

FastGPT (AI Agent platform) contains an SSRF in the lafModule workflow node: fetchData fetches user-controlled URLs with axios without checking the internal-address blocklist (isInternalAddress), allowing requests to internal/private networks. This affects versions before 4.14.17 and can be trigg...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.18 views

PT-2026-39224

Name of the Vulnerable Software and Affected Versions Linkwarden versions prior to 2.13.0 Description Insufficient URL validation in the fetchTitleAndHeaders function allows authenticated users to perform Server-Side Request Forgery SSRF, a flaw where the server is tricked into making requests to...

9.1CVSS5.9AI score0.00285EPSS
Exploits0References11
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.11 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
github
github
added 2026/05/07 9:30 p.m.14 views

Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft

Summary parseAndValidateClientRedirect at internal/service/auth/auth.go:448 validates OAuth client-redirect URIs by comparing only scheme and host against the admin-configured allowlist. Path, query, and fragment are ignored. The initiator at /oauth/:provider/login embeds the caller-supplied...

5.9AI score
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/05/07 6:54 p.m.7 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/07 1:48 p.m.32 views

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS0.00204EPSS
Exploits0References3
github
github
added 2026/05/07 3:15 a.m.20 views

docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...

5.7CVSS5.8AI score0.00188EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/05/07 2:16 a.m.11 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS0.00296EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.16 views

PT-2026-38322

Name of the Vulnerable Software and Affected Versions ZTE ZX297520V3 affected versions not specified Description The BootROM contains an issue allowing arbitrary memory writes via USB. Due to a lack of target address validation in the USB download mode, it is possible to write data to any locatio...

6.8CVSS6.1AI score0.00296EPSS
Exploits1References13
osv
osv
added 2026/05/06 9:31 p.m.11 views

GHSA-R747-33R4-RMJW Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...

6.3CVSS5.7AI score0.00236EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/06 6:22 a.m.38 views

CVE-2026-35253

Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

4.7CVSS0.00147EPSS
Exploits0References1
cve
cve
added 2026/05/06 6:22 a.m.13 views

CVE-2026-35253

CVE-2026-35253 concerns the Oracle Macoron Tool in Oracle Open Source Projects, affected in v0.22.0. The vulnerability is exploitable over HTTP with network access and unauthenticated, potentially causing the tool to fail host address validation. The connected records provide the same description...

4.7CVSS5.8AI score0.00147EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/05/06 6:22 a.m.8 views

EUVD-2026-27532

Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

4.7CVSS5.8AI score0.00147EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/06 6:22 a.m.7 views

CVE-2026-35253

Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

4.7CVSS5.8AI score0.00147EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.14 views

PT-2026-37347

Name of the Vulnerable Software and Affected Versions Oracle Macaron Tool version 0.22.0 Description An unauthenticated attacker with network access via HTTP can compromise the Oracle Macaron Tool. This issue allows the attacker to bypass host address validation, which is the process of verifying...

4.7CVSS5.8AI score0.00147EPSS
Exploits0References6
snyk
snyk
added 2026/05/05 8:13 p.m.13 views

Server-side Request Forgery (SSRF)

Overview link-preview-js is a Javascript module to extract and fetch HTTP link information from blocks of text. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of IPv6 and internal addresses during the DNS resolution process. An attacke...

8.7CVSS5.8AI score0.00432EPSS
Exploits0References2
osv
osv
added 2026/05/04 8:29 a.m.8 views

CLSA-2026-1777883384 python3.11: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of dash-prefix check by validating url after %action expansion and reordering replace calls so the dash-prefix check sees the final argument...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder