Lucene search
K

58 matches found

Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS0.00293EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-56988

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.307 Description An authentication bypass exists that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints. This is achieved by supplying a spoofed...

9.3CVSS6.2AI score0.00293EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-56285

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:13 p.m.6 views

EUVD-2026-40154

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:5 p.m.5 views

CVE-2026-53927

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...

5.1CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/25 3:16 p.m.24 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00201EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/12 4:29 p.m.38 views

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

8.2CVSS0.0023EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 4:29 p.m.8 views

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

8.2CVSS5.8AI score0.0023EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:30 p.m.27 views

CVE-2026-2393

CVE-2026-2393: MLflow prior to 3.9.0 is vulnerable to SSRF via a user-controlled webhook URL. The _create_webhook() handler stores the URL without validation, and _send_webhook_request() POSTs to that URL, enabling an authenticated attacker to cause the MLflow backend to reach internal services, ...

7.1CVSS7.3AI score0.00288EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 8:53 p.m.15 views

MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint

Summary An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environme...

9.2CVSS6AI score0.01623EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/05 7:19 p.m.9 views

EUVD-2026-27452

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 6:12 p.m.5 views

Server-side Request Forgery (SSRF)

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 5:24 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/29 8:54 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Proxy process. An attacker can access internal services, retrieve sensitive cloud metadata, port-scan internal networks, or trigger internal-only endpoints by creating a cluster node with an...

9.9CVSS5.8AI score0.00318EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/04/24 7:24 a.m.12 views

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 CVSS score: 7.5, relate...

9.8CVSS8.6AI score0.54254EPSS
Exploits17
Snyk
Snyk
added 2026/04/20 12:30 a.m.6 views

Server-side Request Forgery (SSRF)

Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...

8.1CVSS6.5AI score0.00534EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/17 11:54 p.m.34 views

CVE-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

6.4CVSS0.00384EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/16 12:54 a.m.5 views

EUVD-2026-23121

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/15 9:25 p.m.4 views

CVE-2026-40500

...

5.9AI score0.00385EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33211

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.37 Description The workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without protection against Server-Side Request Forgery SSRF, a flaw where an...

6.5CVSS5.8AI score0.00384EPSS
Exploits1References10
Rows per page
Query Builder