Lucene search
+L

212 matches found

nuclei
nuclei
added yesterday87 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3CVSS6.9AI score0.00844EPSS
Exploits0References2
snyk
snyk
added 2026/07/07 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 5:16 p.m.9 views

CVE-2026-54033

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS0.00207EPSS
Exploits1References1
osv
osv
added 2026/06/17 5:55 p.m.7 views

GHSA-JRFP-M64G-PCWV Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Summary The SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects 301/302 by default, an attacker c...

7.7CVSS5.5AI score0.00287EPSS
Exploits1References2
github
github
added 2026/06/17 2:10 p.m.16 views

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)

Summary backend/openwebui/utils/oauth.py::processpictureurl v0.9.5, lines 1435-1470 calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without allowredirects=False. aiohttp's default is allowredirects=True, maxredirects=10; the function does...

8.5CVSS5.3AI score0.00381EPSS
Exploits4References2Affected Software1
snyk
snyk
added 2026/06/17 2:4 p.m.7 views

Insertion of Sensitive Information into Log File

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the error handling process for certain API and WebSocket routes, where unsanitized exception...

6.9CVSS5.8AI score0.00796EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.13 views

CodeWhale 代码问题漏洞

CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale prior to 0.8.26 contained code vulnerabilities. These vulnerabilities stemmed from SSRF attacks that redirected hostname resolution to private IPv6 addresses. However, when IPv6 was provided in URLs...

7.4CVSS5.9AI score0.00239EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.16 views

WordPress plugin Decent Comments 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

5.8CVSS5.8AI score0.00271EPSS
Exploits0References1
snyk
snyk
added 2026/05/19 3:55 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the graphiql template. An attacker can obtain sensitive HTTP header values by enticing a user to enter confidential...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/18 1:58 p.m.11 views

CVE-2026-45401

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References1
euvd
euvd
added 2026/05/15 8:37 p.m.18 views

EUVD-2026-30631

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References1
nvd
nvd
added 2026/05/14 9:16 p.m.21 views

CVE-2026-44430

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS0.00285EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/14 3:30 p.m.11 views

CVE-2026-42592

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.12 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the GraphQL address element parser’s failure to apply pattern-range filtering on top-level...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References2
cve
cve
added 2026/05/11 3:0 p.m.22 views

CVE-2026-34092

CVE-2026-34092 affects Wikimedia Foundation MediaWiki. The information exposure arises from the includes/Skin/Skin.Php component, where UI elements in the tools sidebar reveal autoblocked IP presence. Affected versions are MediaWiki before 1.43.7, 1.44.4, and 1.45.2. Remediation is to upgrade to ...

7.5CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.18 views

PT-2026-39641

In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...

7.5CVSS5.9AI score0.00241EPSS
Exploits0References3
euvd
euvd
added 2026/05/06 3:32 p.m.12 views

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.19 views

PT-2026-37627

Name of the Vulnerable Software and Affected Versions Apache::Session::Generate::ModUniqueId versions 1.54 through 1.94 Description Apache::Session::Generate::ModUniqueId uses the UNIQUE ID environment variable for session identifiers. This variable is generated by the Apache mod unique id plugin...

9.1CVSS5.8AI score0.00302EPSS
Exploits0References11
euvd
euvd
added 2026/04/07 3:14 p.m.7 views

EUVD-2026-19682

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...

5CVSS5.9AI score0.00274EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/06 3:1 p.m.33 views

CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS0.00463EPSS
Exploits1References1
Rows per page
Query Builder