464 matches found
MagicMirror <= 2.35.0 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...
CVE-2026-44578
A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery SSRF through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or...
PT-2026-45353
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...
Clair code issue vulnerabilities
Clair is a project open source by QUAY. It is used for static analysis of vulnerabilities in application containers currently including OCI and Docker. Clair has code-related vulnerabilities. These vulnerabilities arise from the fetcher component, which allows unauthenticated attackers to perform...
CVE-2026-10177
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965
CVE-2026-42965 affects the OpenShift Router. The issue arises when a user with EndpointSlice write access creates a Service backed by an FQDN EndpointSlice that resolves to a cloud metadata endpoint, allowing the router to proxy requests to that endpoint and disclose instance credentials and othe...
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
Red Hat OpenShift 代码问题漏洞
Red Hat OpenShift is a Platform as a Service PaaS cloud computing platform provided by Red Hat Inc. It supports the construction, testing, deployment, and running of applications. There is a code vulnerability in Red Hat OpenShift. This vulnerability arises from users with write permissions for...
PT-2026-44798
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...
EUVD-2026-32862
FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...
BIT-MLFLOW-2026-2393 Server-Side Request Forgery (SSRF) in mlflow/mlflow
A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...
CVE-2026-48148
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
CVE-2026-48146
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...
CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
CVE-2026-48153
Budibase: CVE-2026-48153 affects Budibase before 3.39.0. The OAuth2 SDK’s fetchToken makes a POST to a builder-supplied URL using plain node-fetch and bypasses the isBlacklisted outbound-fetch path check, and the OAuth2 URL Joi schema has no scheme/host restrictions. This enables SSRF to reach in...
EUVD-2025-203462
Weblate has a Server-Side Request Forgery issue...