Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

89541 matches found

NVD
NVDadded 2026/05/28 6:16 p.m.20 views

CVE-2026-45373

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

7.4CVSS0.00239EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/28 5:59 p.m.8 views

EUVD-2026-32978

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS5.9AI score0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/28 5:59 p.m.9 views

CVE-2026-43979

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS5.9AI score0.00263EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/28 5:59 p.m.26 views

CVE-2026-43979 Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS0.00263EPSS
Exploits0References3
CVE
CVEadded 2026/05/28 5:59 p.m.12 views

CVE-2026-43979

CVE-2026-43979 affects Local Deep Research. Before 1.6.0, PDFService._markdown_to_html() embeds user-supplied title and metadata into HTML without escaping, allowing HTML injection in the PDF export flow. This can chain into SSRF via WeasyPrint when rendering the PDF, bypassing existing SSRF defe...

5CVSS5.9AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/28 5:59 p.m.8 views

CVE-2026-43979 Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS5.9AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/28 5:58 p.m.10 views

CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/05/28 5:58 p.m.9 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References7Affected Software1
EUVD
EUVDadded 2026/05/28 5:58 p.m.10 views

EUVD-2026-32977

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS5.8AI score0.00247EPSS
Exploits0References6
CVE
CVEadded 2026/05/28 5:58 p.m.29 views

CVE-2026-46526

CVE-2026-46526 concerns Local Deep Research. Before version 1.6.10, the URL validation flow had a logical flaw that could bypass SSRF protections because parsing differed between urlparse and the HTTP request library. The code first runs SSRF checks via validate_url and then uses requests.get to ...

5CVSS5.8AI score0.00247EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/28 5:30 p.m.30 views

CVE-2026-45310 CodeWhale: SSRF via HTTP Redirect Bypass in fetch_url Tool

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/28 5:30 p.m.6 views

CVE-2026-45310

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/28 5:30 p.m.10 views

EUVD-2026-32964

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS5.7AI score0.00226EPSS
Exploits0References2
CVE
CVEadded 2026/05/28 5:30 p.m.17 views

CVE-2026-45310

CVE-2026-45310 describes an SSRF via HTTP redirect bypass in CodeWhale’s fetch_url tool (DeepSeek TUI). Before version 0.8.22, fetch_url validates the initial URL against a restricted-IP blocklist, but the HTTP client follows up to 5 redirects without re-validating the redirect targets, potential...

7.4CVSS5.8AI score0.00226EPSS
Exploits0References2
CVE
CVEadded 2026/05/28 5:27 p.m.28 views

CVE-2026-45373

CodeWhale: SSRF bypass in DeepSeek-TUI (CodeWhale via DeepSeek + MiMo) allows http://[::1] to bypass hostname validation prior to 0.8.26. The vulnerability stems from SSRF defenses not handling IPv6 literals correctly, enabling access to internal resources. Affected version is before 0.8.26; reme...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/28 5:27 p.m.30 views

CVE-2026-45373 CodeWhale: SSRF‌ IPV6 bypass

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

7.4CVSS0.00239EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/28 5:27 p.m.12 views

EUVD-2026-32963

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/28 4:59 p.m.14 views

EUVD-2026-32974

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/28 4:59 p.m.8 views

CVE-2026-44797 Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References5
CVE
CVEadded 2026/05/28 4:59 p.m.16 views

CVE-2026-44797

Nautobot fixes CVE-2026-44797: the Webhook data model could be configured by users with sufficient access to issue requests to internal hosts/IPs, enabling SSRF-like behavior. Affected versions prior to 2.4.33 and 3.1.2 are impacted; remediation is to upgrade Nautobot to 2.4.33 or 3.1.2 or newer....

8.5CVSS5.8AI score0.00235EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder