Lucene search
K

89763 matches found

CNVD
CNVD
added 2026/05/07 12:0 a.m.10 views

OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that can be exploited by an attacker to gain unauthorized access to internal resources by providing a malicious photo URL to the Zalo Bot API to bypass SSRF...

8.6CVSS5.8AI score0.00291EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38584

Name of the Vulnerable Software and Affected Versions Azure Notification Service affected versions not specified Description Server-side request forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location, in the Azure Notification Service allows an...

8.5CVSS5.8AI score0.00827EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

DivvyDrive 跨站请求伪造漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a cross-site request forgeing vulnerability. This vulnerability was caused by cross-site request forgeing, and it could lead to cross-site...

6.5CVSS5.7AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Microsoft Azure Notification Service 代码问题漏洞

Microsoft Azure Notification Service is a notification delivery service provided by Microsoft Corporation in the United States. There is a code vulnerability in Microsoft Azure Notification Service, which stems from server-side request forgery. This vulnerability could allow authorized attackers ...

8.1CVSS5.9AI score0.00827EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38426

Name of the Vulnerable Software and Affected Versions DivvyDrive versions 4.8.2.9 through 4.8.3.1 Description DivvyDrive contains a Cross-Site Request Forgery CSRF flaw, which is a type of attack that tricks a victim into submitting a malicious request. This allows an attacker to perform actions ...

6.5CVSS5.8AI score0.0015EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Admidio 跨站请求伪造漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site request forgeing vulnerability. This...

3.5CVSS5.7AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38545

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api tools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS6.1AI score0.00215EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

monetr 安全漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.5 contained a security vulnerability. This vulnerability stemmed from server-side request forgeing in the Lunch Flow integration, which could allow authenticated users to send HTT...

8.3CVSS5.9AI score0.00331EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38623

Name of the Vulnerable Software and Affected Versions nuxt-og-image versions 6.2.5 through 6.4.8 @nuxtjs/og-image versions 6.2.5 through 6.4.8 Description An issue exists in the isBlockedUrl function where the denylist used to prevent Server-Side Request Forgery SSRF is incomplete. This allows...

3.7CVSS5.9AI score0.00171EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained code vulnerabilities due to incomplete SSRF protections. The vulnerability arises from the use of gethostbyname to verify the Webhook URL without utilizing the...

7.7CVSS5.9AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.6 views

WordPress plugin WPGraphQL 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.6 views

Weblate 输入验证错误漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation of the repository URL in the component JSON during...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38382

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.31.0 and earlier Description A Server-Side Request Forgery SSRF issue exists in the LibreOffice conversion endpoint "/forms/libreoffice/convert". While some SSRF hardening is present in the Go code, the application passes...

8.2CVSS5.8AI score0.00245EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38416

Cross-Site Request Forgery CSRF vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

4.3CVSS5.8AI score0.00095EPSS
Exploits0References2
CNVD
CNVD
added 2026/05/07 12:0 a.m.9 views

OpenClaw Server-Side Request Forgery Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...

6.3CVSS5.8AI score0.00236EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38354

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

5.4CVSS5.8AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

VINCE 安全漏洞

VINCE is an open-source CERT coordination center developed and used by the U.S. CERT Coordination Center. It serves as a platform for improving vulnerability disclosure efforts. Versions of VINCE prior to 3.0.38 contained security vulnerabilities. These vulnerabilities were caused by code...

6.5CVSS5.9AI score0.00115EPSS
Exploits0References1
Rows per page
Query Builder