89559 matches found

Snyk
added 2026/05/19 8:9 p.m. | 9 views

Server-side Request Forgery (SSRF)

Overview: sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in SearXNG search proxy via unvalidated baseUrl. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive th...

8.5 CVSS | 5.8 AI score | 0.00866 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/19 7:53 p.m. | 3 views

GHSA-686C-7VGV-V3FX Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint

Summary: Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...

6.5 CVSS | 6.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 10
Github Security Blog
added 2026/05/19 7:53 p.m. | 17 views

Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint

Summary: Unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...

6.1 AI score | 0.00071 EPSS
Exploits: 0 | References: 10 | Affected Software: 2
Patchstack
added 2026/05/19 7:49 p.m. | 6 views

NPM: Trubo: Login callback CSRF/session fixation

NPM: Trubo: Login callback CSRF/session fixation vulnerability discovered by ? in WordPress Npm turbo versions = 2.9.13...

6.5 CVSS | 5.8 AI score | 0.00124 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/05/19 7:16 p.m. | 25 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

6.5 CVSS | 0.00272 EPSS
Exploits: 1 | References: 2
OSV
added 2026/05/19 7:16 p.m. | 6 views

DEBIAN-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

6.5 CVSS | 5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2026/05/19 7:16 p.m. | 6 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

6.5 CVSS | 5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 3
OSV
added 2026/05/19 7:16 p.m. | 6 views

UBUNTU-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

6.5 CVSS | 5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 4
NVD
added 2026/05/19 6:16 p.m. | 26 views

CVE-2026-8604

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...

8.8 CVSS | 0.00178 EPSS
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/05/19 6:5 p.m. | 9 views

Malicious code in @bonsai-ai/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad3b5646cf88b8eb5a7dbbec9fc2f1cfefcdf3a241d9604992e72c2f629889b9 Package published as @bonsai-ai/claude-code impersonates Anthropic's official @anthropic-ai/claude-code CLI. package.json sets author to 'Anthropic '...

5.9 AI score
Exploits: 0 | References: 2
Debian CVE
added 2026/05/19 5:44 p.m. | 9 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

6.5 CVSS | 5.7 AI score | 0.00272 EPSS
Exploits: 1
ATTACKERKB
added 2026/05/19 5:44 p.m. | 8 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/05/19 5:44 p.m. | 7 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 2
EUVD
added 2026/05/19 5:44 p.m. | 14 views

EUVD-2026-30966

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 2
CVE
added 2026/05/19 5:44 p.m. | 15 views

CVE-2026-33637

Faraday (HTTP client library) vulnerability CVE-2026-33637 affects versions 2.0.0–2.14.1, where protocol-relative host override is still possible when the request target is passed as a URI object to Faraday::Connection#build_exclusive_url. This can enable off-host request forgery by redirecting a...

6.5 CVSS | 5.7 AI score | 0.00272 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/05/19 5:44 p.m. | 37 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connection#build_exclusive_url. This...

0.00272 EPSS
Exploits: 1 | References: 2
Patchstack
added 2026/05/19 5:36 p.m. | 8 views

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions <= 0.3.6...

4.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/05/19 5:16 p.m. | 14 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2 CVSS | 0.00479 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/19 5:16 p.m. | 26 views

CVE-2026-47356

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhookurl parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhookurl multipa...

8.7 CVSS | 0.00499 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/19 5:16 p.m. | 14 views

CVE-2026-47357

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

9.2 CVSS | 0.00482 EPSS
Exploits: 0 | References: 1