35 matches found

EUVD
added yesterday, 8 views

EUVD-2026-33273

Mautic Focus component Vulnerable to SSRF...

CVSS 6.4, AI score 5.8, EPSS 0.00138
Exploits 0, References 2
EUVD
added last week, 6 views

EUVD-2026-39638

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

CVSS 8.3, AI score 5.9, EPSS 0.00222
Exploits 0, References 1
Positive Technologies
added 2026/06/26 12:00 a.m., 11 views

PT-2026-52667

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager, affected versions not specified. Description: The message flow component fails to sufficiently validate or restrict user-controlled input within WS-Addressing headers. This allows an unauthenticated attacker to manipulate these...

CVSS 10, AI score 5.9, EPSS 0.00222
Exploits 0, References 6
OSV
added 2026/06/12 3:4 p.m., 7 views

GHSA-24FP-5V3P-RVPW Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection

Summary: Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A...

CVSS 8.5, AI score 5.6, EPSS 0.00038
Exploits 0, References 2
RedhatCVE
added 2026/06/05 7:19 p.m., 10 views

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass...

CVSS 8.5, AI score 5.6, EPSS 0.00188
Exploits 0, References 1
RedhatCVE
added 2026/05/14 7:58 p.m., 11 views

CVE-2026-44258

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

CVSS 9.3, AI score 5.9, EPSS 0.0029
Exploits 0, References 1
NVD
added 2026/04/13 7:16 a.m., 10 views

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass...

CVSS 8.5, EPSS 0.00188
Exploits 0, References 1
CVE
added 2026/04/13 6:57 a.m., 11 views

CVE-2026-5936

CVE-2026-5936 pertains to Foxit PDF Services API and describes a server-side request forgery (SSRF) where an attacker can influence a server to perform HTTP requests to arbitrary destinations by supplying a crafted URL. Affects the component handling URL parameters; this can enable probing intern...

CVSS 8.5, AI score 5.8, EPSS 0.00188
Exploits 0, References 1
ATTACKERKB
added 2026/04/13 6:57 a.m., 3 views

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass...

CVSS 8.5, AI score 5.8, EPSS 0.00188
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/04/13 12:00 a.m., 8 views

PT-2026-32283

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass...

CVSS 8.5, AI score 5.8, EPSS 0.00188
Exploits 0, References 2
ATTACKERKB
added 2026/04/09 5:41 p.m., 1 view

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

CVSS 6.3, AI score 6, EPSS 0.00228
Exploits 2, References 3, Affected Software 1
NVD
added 2026/04/01 11:15 a.m., 6 views

CVE-2026-0932

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

CVSS 7.3, EPSS 0.00195
Exploits 0, References 2
Cvelist
added 2026/02/19 6:38 p.m., 21 views

CVE-2026-27472 SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS 5.3, EPSS 0.00262
Exploits 0, References 3
Tenable Nessus
added 2026/02/19 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does n...

CVSS 5.3, AI score 6, EPSS 0.00262
Exploits 0, References 3
Positive Technologies
added 2026/02/19 12:00 a.m., 7 views

PT-2026-20845

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP before version 4.4.9 contains a Blind Server-Side Request Forgery (SSRF) issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing ...

CVSS 4.3, AI score 5.5
Exploits 0, References 6
Positive Technologies
added 2025/12/24 12:00 a.m., 9 views

PT-2025-53337

Name of the Vulnerable Software and Affected Versions: Teradek VidiU Pro version 3.0.3. Description: The software contains a server-side request forgery issue in the management interface. Attackers can manipulate GET parameters url and xml url to bypass firewalls, perform network enumeration, and...

CVSS 6.9, AI score 6.7, EPSS 0.00301
Exploits 2, References 5
RedhatCVE
added 2025/12/16 8:44 p.m., 5 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

CVSS 6.5, AI score 7, EPSS 0.00237
Exploits 1, References 1
NVD
added 2025/12/15 9:15 p.m., 3 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

CVSS 6.5, EPSS 0.00237
Exploits 1, References 4
OSV
added 2025/12/15 9:15 p.m., 4 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

CVSS 6.5, AI score 5.9, EPSS 0.00237
Exploits 1, References 4
Veracode
added 2025/12/13 7:30 a.m., 5 views

Server-Side Request Forgery (SSRF)

Open WebUI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-supplied URLs, allowing authenticated users to force the server to send HTTP requests to arbitrary destinations, which may enable access to internal services, cloud metadata...

CVSS 8.5, AI score 5.9, EPSS 0.03965
Exploits 1, References 2, Affected Software 1