Lucene search
K

89749 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 9:8 p.m.12 views

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

10CVSS5.9AI score0.00124EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/07 8:58 p.m.6 views

CVE-2026-41105

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 8:52 p.m.7 views

Server-side Request Forgery (SSRF)

Overview nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to inadequate validation of user-supplied URLs in the isBlockedUrl process. An attacker can access internal network resources or sensitiv...

6.3CVSS5.8AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 8:52 p.m.4 views

GHSA-C2RM-G55X-8HR5 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Summary The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. The patch advisory states "Decimal/hexadecimal IP encoding bypasses are also handled" — that part is true Node's WHATWG URL pars...

3.7CVSS6AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.10 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

7.1CVSS5.7AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.8 views

CVE-2026-40309

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 6:40 p.m.14 views

Security Bulletin: IBM MQ is affected by a server-side request forgery vulnerability in IBM WebSphere Application Server Liberty (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2026-1561 Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application...

5.4CVSS6.1AI score0.00284EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/07 6:16 p.m.13 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS0.00215EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 6:8 p.m.6 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:0 p.m.12 views

CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS5.3AI score0.00215EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 6:0 p.m.38 views

CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS0.00215EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:0 p.m.7 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS5.3AI score0.00215EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/07 6:0 p.m.22 views

CVE-2026-8081

CVE-2026-8081 affects router-for-me CLIProxyAPI 6.9.29. The vulnerability is a server-side request forgery in the API Tools handler (internal/api/handlers/management/api_tools.go) caused by manipulating the url argument. This enables remote exploitation as disclosed publicly. Remediation details ...

6.5CVSS6.1AI score0.00215EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/07 3:38 p.m.15 views

EUVD-2026-28359

Cross-Site request forgery CSRF vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

9.6CVSS5.8AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 3:16 p.m.15 views

CVE-2026-41687

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS0.00204EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.12 views

Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Notification Service allows an authorized attacker to elevate privileges over a network...

8.1CVSS5.8AI score0.00827EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:52 p.m.8 views

CVE-2026-41688

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

7.7CVSS5.8AI score0.00227EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 1:52 p.m.7 views

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

7.7CVSS7.3AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 1:48 p.m.13 views

EUVD-2026-28383

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/07 1:48 p.m.12 views

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References3
Rows per page
Query Builder