CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89463 matches found

CVE•added 2026/06/01 4:30 p.m.•16 views

CVE-2026-10274

Summary: CVE-2026-10274 concerns the indrasishbanerjee aem-mcp-server (up to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583) and affects the function getAssetMetadata in file src/mcp-server.ts within the Axios Request Flow component. By manipulating the argument assetPath, a remote attacker can ...

6.5CVSS6.3AI score0.00209EPSS

Exploits0References6

RedhatCVE•added 2026/06/01 4:3 p.m.•12 views

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.4AI score0.00209EPSS

Exploits0References1

GithubExploit•added 2026/06/01 12:2 p.m.•97 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

CVE-2026-0257 - Palo Alto Networks GlobalProtect Authenticatio...

9.1CVSS6AI score0.86678EPSS

Exploits9

OSV•added 2026/06/01 11:42 a.m.•5 views

BIT-KIBANA-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS5.8AI score0.00181EPSS

Exploits0References2

OSV•added 2026/06/01 11:42 a.m.•7 views

BIT-KIBANA-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.00272EPSS

Exploits0References2

OSV•added 2026/06/01 11:39 a.m.•5 views

BIT-ELK-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

7.7CVSS5.8AI score0.00181EPSS

Exploits0References2

OSV•added 2026/06/01 11:39 a.m.•8 views

BIT-ELK-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

7.7CVSS5.8AI score0.00272EPSS

Exploits0References2

NVD•added 2026/06/01 11:16 a.m.•11 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS0.00502EPSS

Exploits0References5

CVE•added 2026/06/01 10:10 a.m.•31 views

CVE-2026-49328

CVE-2026-49328 describes a Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet prior to 2.0.2-incubating. The issue allows an attacker to cause outbound network requests to internal or otherwise restricted resources through a user-supplie...

5.3CVSS5.8AI score0.00502EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/06/01 10:10 a.m.•31 views

CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

0.00502EPSS

Exploits0References4

EUVD•added 2026/06/01 10:10 a.m.•11 views

EUVD-2026-33622

5.3CVSS5.8AI score0.00502EPSS

Exploits0References4

Vulnrichment•added 2026/06/01 10:10 a.m.•10 views

CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

5.8AI score0.00502EPSS

Exploits0References4

NVD•added 2026/06/01 9:16 a.m.•21 views

CVE-2026-40549

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

5.1CVSS0.00182EPSS

Exploits0References2

NVD•added 2026/06/01 9:16 a.m.•15 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00281EPSS

Exploits0References2

NVD•added 2026/06/01 9:16 a.m.•12 views

CVE-2026-10239

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS0.0027EPSS

Exploits0References6

NVD•added 2026/06/01 9:16 a.m.•14 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS0.0027EPSS

Exploits0References6

NVD•added 2026/06/01 9:16 a.m.•12 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS0.0027EPSS

Exploits0References6

EUVD•added 2026/06/01 9:4 a.m.•10 views

EUVD-2026-33615

8.8CVSS5.8AI score0.00273EPSS

Exploits0References2