Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...

Oracle Weblogic - Server-Side Request Forgery

An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

EUVD-2026-38199

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

CVE-2026-12813

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

CVE-2026-12813 activepieces File URL file.ts handleUrlFile server-side request forgery

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

CVE-2026-12813

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

CVE-2026-12813

Affected software: activepieces (

CVE-2026-56265

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

CVE-2026-12798

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

CVE-2026-12798 BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

EUVD-2026-38157

A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function loadopenapispecasync of the file litellm/proxy/experimental/mcpserver/openapitomcpgenerator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument specpath causes...

CVE-2026-12798

CVE-2026-12798 affects BerriAI litellm up to 1.82.2, specifically the MCP OpenAPI Spec Loader’s load_openapi_spec_async function. The root cause is manipulation of the spec_path argument allowing server-side request forgery, which can be triggered remotely. The description notes that the exploit ...

CVE-2026-12774

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function executewithmcpclient of the file litellm/proxy/experimental/mcpserver/restendpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side...

CVE-2026-12774 BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function executewithmcpclient of the file litellm/proxy/experimental/mcpserver/restendpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side...

CVE-2026-12774

CVE-2026-12774 affects BerriAI litellm up to 1.82.2. The vulnerability targets the function _execute_with_mcp_client in litellm/proxy/_experimental/mcp_server/rest_endpoints.py (MCP Server Connection Testing). It enables server‑side request forgery through manipulation of this component, with rem...

EUVD-2026-38140

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function executewithmcpclient of the file litellm/proxy/experimental/mcpserver/restendpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side...

Apache OFBiz < 18.12.11 - Server Side Request Forgery

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...

PT-2026-51198

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the MCP Server Connection Testing component allows for server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make...

PT-2026-51260

Name of the Vulnerable Software and Affected Versions activepieces versions prior to 0.83.1 Description An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...