Lucene search
K

89708 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 1:26 p.m.8 views

CVE-2026-44335 SSRF bypass in PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

8.7CVSS5.7AI score0.00378EPSS
Exploits1References1
NCSC
NCSC
added 2026/05/08 1:8 p.m.9 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00696EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 1:6 p.m.9 views

CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 10:0 a.m.5 views

OPENSUSE-SU-2026:20733-1 Security update for cpp-httplib

This update for cpp-httplib fixes the following issues - CVE-2026-21428: server-side request forgery via header injection bsc1255835. - CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service bsc1256518. - CVE-2026-28434: default exception handler may leak e.what ...

8.7CVSS5.8AI score0.00602EPSS
Exploits5References10
Vulnrichment
Vulnrichment
added 2026/05/08 3:11 a.m.9 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS5.7AI score0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/08 3:11 a.m.35 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS0.00237EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/08 12:31 a.m.18 views

EUVD-2026-28457

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

emlog 跨站请求伪造漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection in critical management functions, which could allow attackers to trick...

8.4CVSS5.8AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39196

Name of the Vulnerable Software and Affected Versions Plunk versions prior to 0.9.0 Description The '/webhooks/sns' endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN. This allows an unauthenticated attack...

9.1CVSS5.8AI score0.00127EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

9.3CVSS5.8AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39224

Name of the Vulnerable Software and Affected Versions Linkwarden versions prior to 2.13.0 Description Insufficient URL validation in the fetchTitleAndHeaders function allows authenticated users to perform Server-Side Request Forgery SSRF, a flaw where the server is tricked into making requests to...

9.1CVSS5.9AI score0.00285EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.6 views

i18next-http-middleware 路径遍历漏洞

i18next-http-middleware is an open-source HTTP internationalization middleware for Node.js and Deno by i18next. Versions of i18next-http-middleware prior to version 3.9.3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning user-controlled lng and ns...

8.2CVSS5.8AI score0.00387EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.7 views

New API 数据伪造问题漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.10 had a data manipulation vulnerability. This vulnerability stems from defects in the Stripe webhook handler, which could allow unauthorized attackers to forge webhook events and arbitrarily...

8.2CVSS5.7AI score0.00259EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

n8n-MCP 安全漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. It serves as a connection between AI assistants and automated workflow platforms. Versions of n8n-MCP from 2.18.7 to 2.50.2 contained security vulnerabilities. These vulnerabilities were caused b...

9.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.63 views

📄 ThingsBoard IoT Platform 4.2.0 Server-Side Request Forgery

ThingsBoard IoT Platform version 4.2.0 suffers from a server-side request forgery vulnerability. Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link:...

9.1CVSS5.8AI score0.01658EPSS
Exploits2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.26 views

Angular 代码问题漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions prior to Angular 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. These...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39210

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.17 Description An unauthenticated Server-Side Request Forgery SSRF allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal or private network addresses. The...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.6 views

RedwoodSDK 跨站请求伪造漏洞

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.2.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the use of HTTP methods on the server without source...

5.3CVSS5.7AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

Flarum 路径遍历漏洞

Flarum is an open-source forum software developed by Flarum for building communities. Versions of Flarum prior to 1.8.16 and 2.0.0-rc.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of restrictions on the values of LESS configuration variables, which could lea...

4.9CVSS5.9AI score0.00404EPSS
Exploits0References1
Rows per page
Query Builder