CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

EUVD-2026-33497

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-39965 TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

Linux Distros Unpatched Vulnerability : CVE-2026-40175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in...

EUVD-2026-19869

OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validateenrichmenturl function in src/handler/http/request/enrichmenttable/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets e.g. "::1" not "::1". An authenticated...

PT-2026-30984

OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate enrichment url function in src/handler/http/request/enrichment table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets e.g. "::1" not "::1". An authenticate...

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

CVE-2022-38298

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...

Appsmith 代码问题漏洞

Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...

Palo Alto Networks GlobalProtect 安全漏洞

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that allows an attacker with authenticated access to the...

CVE-2017-16865

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access...