Lucene search
K

89672 matches found

Cvelist
Cvelist
added 2026/05/08 10:11 p.m.34 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 10:10 p.m.6 views

CVE-2026-42344 FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:10 p.m.22 views

CVE-2026-42344

FastGPT before 4.14.11 is vulnerable in isInternalAddress() (packages/service/common/system/utils.ts) to DNS rebinding TOCTOU, where DNS resolution for private-range checks occurs separately from the subsequent HTTP request. An attacker could exploit the window between validation and fetch to byp...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 9:51 p.m.14 views

CVE-2026-42286

The CVE-2026-42286 entry concerns Emlog, an open source website building system. Affected versions prior to 2.6.11 lack CSRF protection in critical admin functions, enabling an attacker to coerce authenticated admins into actions such as system registration, plugin management, and configuration c...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 9:51 p.m.34 views

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:51 p.m.7 views

CVE-2026-42286

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/08 9:51 p.m.11 views

EUVD-2026-28841

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 9:51 p.m.7 views

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 9:12 p.m.8 views

EUVD-2026-28832

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 9:12 p.m.31 views

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 9:12 p.m.9 views

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 9:12 p.m.12 views

CVE-2026-42193

Plunk (open-source email platform built on AWS SES) fixes a prior vulnerability: before v0.9.0, /webhooks/sns accepted unauthenticated SNS payloads without signature/cert/topic ARN verification, enabling forged webhook requests. Attackers could spoof SNS events to trigger automations, unsubscribe...

9.1CVSS5.7AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 8:16 p.m.17 views

CVE-2026-44694

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

9.1CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 7:35 p.m.16 views

CVE-2026-42190

RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...

5.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 7:29 p.m.9 views

CVE-2026-42180 Lemmy: SSRF in /api/v3/post via Webmention dispatch

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 7:29 p.m.13 views

CVE-2026-42180

Lemmy prior to version 0.19.18 is affected by a server-side request forgery: an authenticated low-privilege user can create a link post via POST /api/v3/post, and when posted to public communities Lemmy dispatches a Webmention to the target. The code path only validates the URL’s syntax/scheme (h...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 7:26 p.m.5 views

CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

6.5CVSS5.7AI score0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:16 p.m.7 views

CVE-2026-42176

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...

6.7CVSS5.7AI score0.00247EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 7:12 p.m.5 views

CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

7.2CVSS5.8AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 7:12 p.m.21 views

CVE-2026-44694

CVE-2026-44694 affects n8n-MCP before 2.50.2. An authenticated SSRF vulnerability exists in the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs via the x-n8n-url header in multi-tenant HTTP mode. Exploitation allows a valid MCP session to cause the host to send HTTP ...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder