Lucene search
K

184 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.34 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:30 p.m.5 views

EUVD-2026-39421

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/18 1:4 p.m.8 views

Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 1:4 p.m.5 views

GHSA-2MRG-35HW-X3X9 Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.13 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS5.8AI score0.0049EPSS
Exploits3References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Batik

A Server-Side Request Forgery SSRF vulnerability exists in the Batik of Apache XML Graphics, allowing attackers to retrieve external resources. This issue affects Apache XML Graphics Batik version 1.14...

5.3CVSS6.6AI score0.01954EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Batik

A server-side request forgery SSRF vulnerability exists in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik version 1.16. In version 1.16, a malicious SVG file may trigger the loading of external resources by default, leading to resource consumpti...

7.1CVSS6.6AI score0.00786EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 5:14 p.m.57 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS0.00369EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 5:14 p.m.11 views

EUVD-2026-29701

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 5:14 p.m.18 views

CVE-2026-42141

CVE-2026-42141 affects Xibo CMS prior to 4.4.1, where an authenticated user with Library upload permissions can trigger SSRF via the /library/uploadUrl endpoint by supplying a URL parameter. The vulnerability allows the CMS server to perform arbitrary HTTP requests to internal or external resourc...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 10:22 p.m.23 views

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

2.4CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 12:14 a.m.8 views

EUVD-2026-25366

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.8AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Xibo 代码问题漏洞

Xibo is a digital signage content management tool developed by Dan Garner personally. Versions of Xibo prior to 4.4.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery attacks, which could allow users with DSData permissions to make arbitrary HTTP...

4.9CVSS6AI score0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 9:13 p.m.5 views

CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

8.5CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33864

OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...

7.6CVSS6AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/16 8:12 a.m.32 views

CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

7.5CVSS0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/10 1:23 a.m.7 views

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.20 views

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:0 a.m.10 views

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

6.1AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder