Lucene search
K

89765 matches found

CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

HCL BigFix Service Management 跨站请求伪造漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may lead to unauthoriz...

5.7CVSS5.7AI score0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38231

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.5 Description A server-side request forgery SSRF issue exists in the CDP "/json/version" WebSocket endpoint. The webSocketDebuggerUrl response field is not properly validated, which allows attackers to redirec...

7.7CVSS5.9AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38317

Name of the Vulnerable Software and Affected Versions Playwright Capture affected versions not specified Description Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38309

Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.6 views

Cisco Unity Connection Web Inbox 代码问题漏洞

Cisco Unity Connection Web Inbox is a voicemail access and management interface provided by the American company Cisco. There is a code vulnerability in Cisco Unity Connection Web Inbox, which stems from improper input validation for specific HTTP requests. This vulnerability could allow...

7.2CVSS6AI score0.00427EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.3.25 openshift (RHSA-2020:2440)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2440 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

6.3CVSS7.3AI score0.03679EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

9.8CVSS5.8AI score0.00378EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:2503)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2503 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...

7.5CVSS5.8AI score0.10225EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

6.3CVSS7.3AI score0.03679EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.18 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37649

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection Web Inbox affected versions not specified Description Improper input validation for specific HTTP requests in the web UI allows an unauthenticated remote attacker to perform Server-Side Request Forgery SSRF, a technique...

7.2CVSS6AI score0.00427EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/05 10:16 p.m.10 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access sensitive internal resources and exfiltrate data by supplying a crafted URL...

7.7CVSS5.8AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:49 p.m.5 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the afterDonation process due to insufficient validation of user-supplied webhook URLs and improper handling of HTTP redirects...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:49 p.m.5 views

GHSA-WP38-WHX3-XFFH AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

5.4CVSS6AI score0.00165EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:49 p.m.9 views

AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

5.4CVSS6AI score0.00165EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/05 8:53 p.m.9 views

Server-side Request Forgery (SSRF)

Overview magicmirror is a The open source modular smart mirror platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the cors endpoint, which acts as an open HTTP proxy without authentication or URL validation. An attacker can force the server to make...

9.2CVSS5.9AI score0.01623EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 8:53 p.m.6 views

GHSA-PH6F-2CVQ-79HQ MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint

Summary An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environme...

9.2CVSS6AI score0.01623EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/05 8:51 p.m.8 views

Server-side Request Forgery (SSRF)

Overview open-websearch is a web search the internet Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchWebContent process. An attacker can access internal network resources and retrieve sensitive information by supplying specially crafted URLs that...

8.8CVSS5.8AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 8:51 p.m.4 views

GHSA-V228-72C7-FX8J open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Summary src/utils/urlSafety.ts exposes isPublicHttpUrl / assertPublicHttpUrl, used to gate the MCP fetchWebContent tool against private-network targets. The check has two defects that together allow non-blind SSRF with the response body returned to the caller: 1. Bracketed IPv6 literals are never...

8.2CVSS6AI score0.00215EPSS
Exploits0References3
Rows per page
Query Builder