Lucene search
K

355 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 7:47 p.m.7 views

CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

9.8CVSS6AI score0.00443EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/09 7:43 p.m.23 views

CVE-2026-40089

Sonicverse (Self-hosted Docker Compose stack) contains an SSRF in the dashboard API client (apps/dashboard/lib/api.ts). User-controlled URLs are passed from the dashboard to a server-side HTTP client without sufficient validation, allowing an authenticated operator to trigger arbitrary HTTP reque...

9.9CVSS6AI score0.00232EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/09 3:7 a.m.11 views

Server-side Request Forgery (SSRF)

Overview api-lab-mcp is a MCP server for API testing and experimentation - Your API Laboratory Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the testhttpendpoint function in the HTTP interface. An attacker can cause the server to initiate arbitrary...

7.5CVSS7.2AI score0.00288EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Contemporary Controls BASControl20 安全漏洞

Contemporary Controls BASControl20 is a building automation control and BACnet communication controller developed by the American company Contemporary Controls. The Contemporary Controls BASC 20T has a security vulnerability that stems from network traffic sniffing, which may allow for the...

9.8CVSS5.9AI score0.00443EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31718

Name of the Vulnerable Software and Affected Versions Sonicverse versions prior to commit cb1ddbacafcb441549fe87d3eeabdb6a085325e4 Description The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts...

9.9CVSS5.9AI score0.00232EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/06 3:36 p.m.3 views

EUVD-2026-19349

vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4CVSS6AI score0.00246EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.4 views

CVE-2026-20041

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS6.2AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

WordPress plugin Webmention 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/01 7:43 p.m.5 views

CVE-2026-34746

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery SSRF vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...

7.7CVSS5.9AI score0.00296EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/01 5:28 p.m.6 views

CVE-2026-20041

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 4:27 p.m.1 views

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS6.2AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 4:27 p.m.21 views

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

6.1CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/03/21 4:16 a.m.6 views

CVE-2026-1648

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curldata' REST API endpoint. This makes it possible for...

7.2CVSS0.00374EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.6 views

CVE-2026-3478 Content Syndication Toolkit <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

7.2CVSS5.9AI score0.00272EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

WordPress plugin Post Affiliate Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS6AI score0.00259EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:21 a.m.3 views

CVE-2026-33060

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS5.9AI score0.00289EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/19 7:13 p.m.5 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...

9.1CVSS5.9AI score0.00431EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24836

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description SiYuan is a personal knowledge management system. The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a...

9.9CVSS7.2AI score0.22162EPSS
Exploits70References137
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.7 views

CVE-2026-26286

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery SSRF vulnerability in the asset download endpoint allow...

8.5CVSS5.8AI score0.00282EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.16.0 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the asset download endpoint, which could allow authenticated users to make...

8.5CVSS6AI score0.00282EPSS
Exploits1References1
Rows per page
Query Builder