Lucene search
K

89699 matches found

NVD
NVD
added 2026/05/08 4:16 p.m.17 views

CVE-2026-42353

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:50 p.m.33 views

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

4.9CVSS0.00404EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/08 3:36 p.m.63 views

CVE-Disclosures

🛡️ CVE Disclosures 🛡️ Welcome to my CVE disclosures repositor...

8.1CVSS5.9AI score0.00495EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/08 3:29 p.m.34 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS0.00387EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:29 p.m.6 views

CVE-2026-42353

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS5.7AI score0.00387EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:29 p.m.7 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

8.2CVSS5.7AI score0.00387EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:29 p.m.17 views

CVE-2026-42353

CVE-2026-42353 affects i18next-http-middleware prior to 3.9.3. User-controlled lng and ns values flow from getResourcesHandler directly into i18next.services.backendConnector.load, and depending on the configured backend this can enable path traversal or SSRF. Public advisories (GHSA-jfgf-83c5-2c...

8.2CVSS5.7AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 2:21 p.m.15 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS5.9AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 2:16 p.m.13 views

CVE-2026-44335

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

9.8CVSS0.00378EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 2:16 p.m.8 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 1:26 p.m.33 views

CVE-2026-44335 SSRF bypass in PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

8.7CVSS0.00378EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/08 1:26 p.m.8 views

CVE-2026-44335 SSRF bypass in PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

8.7CVSS5.7AI score0.00378EPSS
Exploits1References1
CVE
CVE
added 2026/05/08 1:26 p.m.18 views

CVE-2026-44335

CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...

9.8CVSS5.7AI score0.00378EPSS
Exploits1References1Affected Software1
NCSC
NCSC
added 2026/05/08 1:8 p.m.9 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00696EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 1:6 p.m.9 views

CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 10:0 a.m.5 views

OPENSUSE-SU-2026:20733-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues - CVE-2026-21428: server-side request forgery via header injection bsc1255835. - CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service bsc1256518. - CVE-2026-28434: default exception handler may leak e.what ...

8.7CVSS5.8AI score0.00602EPSS
Exploits5References10
Vulnrichment
Vulnrichment
added 2026/05/08 3:11 a.m.9 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS5.7AI score0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/08 3:11 a.m.35 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS0.00237EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/08 12:31 a.m.18 views

EUVD-2026-28457

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

emlog 跨站请求伪造漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection in critical management functions, which could allow attackers to trick...

8.4CVSS5.8AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder