Lucene search
K

27 matches found

CVE
CVE
added last week9 views

CVE-2026-13163

CVE-2026-13163 describes an open redirect in Mailerup (<1.0.0) via the _safe_redirect function in the click-tracking endpoint /c// on all platforms. The vulnerability allows remote, unauthenticated attackers to redirect victims to arbitrary external sites by crafting the u parameter. The schem...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 9:28 p.m.5 views

MGASA-2026-0226 Updated ruby-rack packages fix security vulnerabilities

CVE-2026-26961 Greedy multipart boundary parsing can cause parser differentials and WAF bypass. Forwarded header semicolon injection enables Host and Scheme spoofing. CVE-2026-34230 Quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header. CVE-2026-34763 Root...

7.5CVSS5.2AI score0.00475EPSS
Exploits1References14
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:51 p.m.4 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.4 Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host th...

7.5CVSS5.3AI score0.00781EPSS
Exploits0Affected Software6
OSV
OSV
added 2026/06/15 4:39 p.m.13 views

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00279EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33458

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS5.7AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 8:29 p.m.7 views

GHSA-RFH7-FXQC-Q52V @angular/platform-server: SSRF via Hostname Hijacking

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how the server-side rendering SSR engine processes the request URL provided to the rendering entry points. When an absolute-form URL e.g., http://evil.com is passed to the rendering...

8.8CVSS5.8AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-42031

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description An unauthenticated semi-blind Server-Side...

6.5CVSS6AI score0.00071EPSS
Exploits0References12
RustSec
RustSec
added 2026/05/12 12:0 p.m.17 views

DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

8.8CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-36996

Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.2 Description The normalize function decoded percent-encoded authority delimiters within the host component and re-emitted them as raw delimiters during serialization. This allows a host combining an allowed...

7.5CVSS5.8AI score0.00611EPSS
Exploits2References215
OSV
OSV
added 2026/04/13 5:41 a.m.4 views

BIT-KIBANA-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS6AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 5:38 a.m.3 views

BIT-ELK-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.3 views

PT-2026-32429

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.8 views

PT-2026-32405

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 6:26 p.m.4 views

CVE-2026-33458

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

7.7CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 4:47 p.m.12 views

CVE-2026-33458

Summary : CVE-2026-33458 describes a Server-Side Request Forgery (SSRF) in Kibana One Workflow that can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially expos...

7.7CVSS6AI score0.00226EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 4:47 p.m.4 views

CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

6.3CVSS6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 4:47 p.m.19 views

CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure

Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...

6.3CVSS0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgery in the Kibana One workflow. This vulnerability could allow authenticated users with permission to create and...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31344

Name of the Vulnerable Software and Affected Versions Kibana versions affected versions not specified Description Kibana One Workflow contains a Server-Side Request Forgery CWE-918 issue that can lead to information disclosure. An authenticated user with workflow creation and execution privileges...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 5:17 p.m.16 views

CVE-2026-35036

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...

7.5CVSS0.00327EPSS
Exploits1References1
Rows per page
Query Builder