89539 matches found

Snyk • added 2026/05/28 10:45 p.m. • 5 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Webhook connector. An attacker can access internal network resources by configuring a...

7.7 CVSS, 5.3 AI score, 0.00272 EPSS
Exploits: 0, References: 2
Snyk • added 2026/05/28 10:44 p.m. • 6 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the connector management. An attacker can access internal network resources by bypassing...

7.7 CVSS, 5.3 AI score, 0.00181 EPSS
Exploits: 0, References: 2
Debian • added 2026/05/28 8:53 p.m. • 13 views

[SECURITY] [DSA 6308-1] nagios4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6308-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2026 https://www.debian.org/security/faq -...

5.7 AI score
Exploits: 0
Cvelist • added 2026/05/28 8:38 p.m. • 30 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7 CVSS, 0.00122 EPSS
Exploits: 0, References: 1
Vulnrichment • added 2026/05/28 8:38 p.m. • 8 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 1
EUVD • added 2026/05/28 8:38 p.m. • 11 views

EUVD-2026-33053

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 1
ATTACKERKB • added 2026/05/28 8:25 p.m. • 7 views

CVE-2026-44657

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5 CVSS, 6 AI score, 0.00349 EPSS
Exploits: 0, References: 5, Affected Software: 1
CVE • added 2026/05/28 8:25 p.m. • 17 views

CVE-2026-44657

CVE-2026-44657 – MantisBT: Before version 2.28.2, an attacker can execute code by exploiting a stored XSS vector in file_download.php. When the request uses show_inline=1 together with a valid file_show_inline CSRF token and the uploader references a crafted XHTML attachment that points to a Jav...

7.5 CVSS, 6 AI score, 0.00349 EPSS
Exploits: 0, References: 4
OSV • added 2026/05/28 8:16 p.m. • 7 views

DEBIAN-CVE-2026-49129

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 0, References: 1
NVD • added 2026/05/28 8:16 p.m. • 12 views

CVE-2026-49129

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9 CVSS, 0.00281 EPSS
Exploits: 0, References: 7
OSV • added 2026/05/28 8:16 p.m. • 6 views

UBUNTU-CVE-2026-49129

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 0, References: 9
RedhatCVE • added 2026/05/28 8:13 p.m. • 8 views

CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8 CVSS, 5.4 AI score, 0.0036 EPSS
Exploits: 0, References: 1
RedhatCVE • added 2026/05/28 8:12 p.m. • 11 views

CVE-2026-45061

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes(".tar.gz"). Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

7.7 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0, References: 1
EUVD • added 2026/05/28 7:51 p.m. • 8 views

EUVD-2026-33035

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 1
Cvelist • added 2026/05/28 7:51 p.m. • 27 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3 CVSS, 0.00181 EPSS
Exploits: 0, References: 1
Vulnrichment • added 2026/05/28 7:51 p.m. • 8 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 1
ATTACKERKB • added 2026/05/28 7:47 p.m. • 7 views

CVE-2026-42398

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment • added 2026/05/28 7:47 p.m. • 11 views

CVE-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 0, References: 1
EUVD • added 2026/05/28 7:47 p.m. • 9 views

EUVD-2026-33032

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 0, References: 1
Cvelist • added 2026/05/28 7:47 p.m. • 29 views

CVE-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7 CVSS, 0.00272 EPSS
Exploits: 0, References: 1