CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/10 7:49 p.m.•1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

7CVSS5.8AI score

Snyk•added 2026/04/10 7:49 p.m.•1 views

Server-side Request Forgery (SSRF)

7CVSS5.8AI score

Snyk•added 2026/04/10 7:40 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the dashboard log endpoints. An attacker can access sensitive operational log data by sending authenticated requests to the log endpoints without requiring elevated privileges. Remediation Upgrade...

5.3CVSS5.8AI score

RedhatCVE•added 2026/04/07 5:3 p.m.•1 views

CVE-2026-35037

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...

NVD•added 2026/04/06 5:17 p.m.•0 views

CVE-2026-35037

7.2CVSS0.00022EPSS

NVD•added 2026/04/06 5:17 p.m.•1 views

CVE-2026-35036

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...

7.5CVSS0.00065EPSS

CVE•added 2026/04/06 4:56 p.m.•4 views

CVE-2026-35037

Ech0 (GetWebsiteTitle endpoint) is affected by an unauthenticated SSRF vulnerability (CVE-2026-35037) prior to version 4.2.8. The GET /api/website/title endpoint accepts a user-supplied website_url, makes a server-side HTTP request without validating the target, and returns the HTML title content...

Exploits2References1Affected Software1

Vulnrichment•added 2026/04/06 4:56 p.m.•0 views

CVE-2026-35037 Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

CVE•added 2026/04/06 4:55 p.m.•11 views

CVE-2026-35036

Ech0 is vulnerable to an unauthenticated server-side request forgery (SSRF) via GET /api/website/title. The endpoint accepts a fully attacker-controlled URL and performs a server-side HTTP(S) fetch from the Ech0 instance, reading the entire response into memory. No host allowlist or SSRF filterin...

7.5CVSS5.9AI score0.00065EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/06 4:55 p.m.•17 views

CVE-2026-35036 Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature

7.5CVSS0.00065EPSS

Vulnrichment•added 2026/04/06 4:55 p.m.•0 views

CVE-2026-35036 Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature

7.5CVSS5.9AI score0.00065EPSS

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Ech0 代码问题漏洞

Ech0 is a self-hosted personal microblogging platform developed by L1nSn0w. Versions of Ech0 prior to 4.2.8 had code vulnerabilities. These vulnerabilities stemmed from the use of the GET /api/website/title route for link previews. This route lacked authentication and accepted URLs that could be...

7.5CVSS5.9AI score0.00065EPSS

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Ech0 代码问题漏洞

Ech0 is a self-hosted personal microblogging platform developed by L1nSn0w. Versions of Ech0 prior to 4.2.8 had code vulnerabilities. These vulnerabilities stemmed from the GET /api/website/title endpoint, which made server-side HTTP requests to arbitrary URLs without verification. This could all...