Lucene search
K

60 matches found

EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS0.00371EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score0.00293EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 9:16 p.m.10 views

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS0.00202EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-12095 Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.0029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS6AI score0.0029EPSS
Exploits0References5
NVD
NVD
added 2026/06/20 7:16 p.m.14 views

CVE-2026-56342

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50166

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...

8.6CVSS5.8AI score0.00289EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-2393

A flaw was found in MLflow. An authenticated attacker can exploit a Server-Side Request Forgery SSRF vulnerability by providing an unvalidated URL parameter to the createwebhook function. This allows the MLflow backend to be forced into sending HTTP requests to internal services, cloud metadata...

8.5CVSS7AI score0.00288EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/28 12:30 p.m.18 views

EUVD-2026-32862

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 6:16 p.m.25 views

CVE-2026-48148

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

5.3CVSS0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:31 p.m.5 views

GHSA-65H7-C7C4-MGHX MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS6AI score0.00288EPSS
Exploits1References4
NVD
NVD
added 2026/05/11 6:16 p.m.10 views

CVE-2026-2393

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS0.00288EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 8:46 p.m.8 views

CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.24 views

PT-2026-38638

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...

8.6CVSS6AI score0.38811EPSS
Exploits9References73
Cvelist
Cvelist
added 2026/04/20 4:4 p.m.33 views

CVE-2026-25883 Vexa Webhook Feature has a SSRF Vulnerability

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

5.8CVSS0.00203EPSS
Exploits0References1
Rows per page
Query Builder