CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS5.8AI score0.00773EPSS

Exploits1References3

CVE•added 2026/06/01 7:9 p.m.•15 views

CVE-2026-49136

Banana Slides (v0.4.0) contains a path traversal in ai service backend’s generate_image() that lets unauthenticated attackers read arbitrary image files outside the uploads directory. Root cause: incomplete path prefix check via os.path.startswith(), without a trailing separator, allowing crafted...

8.7CVSS5.9AI score0.00417EPSS

Exploits0References4

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45559

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate image function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplet...

8.7CVSS5.9AI score0.00417EPSS

Exploits0References5

vulnersOsv•added 2026/05/12 11:24 a.m.•3 views

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8162 via multiparty (>=4.0.0 <=4.2.3)

multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =0.1.1, =0.1.3 and more Source cves: CVE-2026-8162 Source advisory: SNYK:JS-MULTIPARTY-16787378...

7.5CVSS5.4AI score0.00279EPSS

Exploits0

VulnCheck KEV•added 2026/04/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-58179

7.2CVSS5.2AI score0.00773EPSS

In wildExploits1References2

Positive Technologies•added 2026/04/23 12:0 a.m.•2 views

PT-2026-34823

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

2.2CVSS5.9AI score0.00199EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•11 views

EUVD-2015-0036

Malware in sbrugna...

3.5CVSS6.1AI score0.01499EPSS

Exploits0References13

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2013-1565

Malware in sbrugna...

4.3CVSS6.4AI score0.00985EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2000-0838

Malware in sbrugna...

4.6CVSS6.4AI score0.08319EPSS

Exploits1References5

Veracode•added 2025/10/06 10:28 a.m.•6 views

Server-side Request Forgery

astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...

7.2CVSS7.1AI score0.00773EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-26878

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00773EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-4019

Malicious code in bioql PyPI...

6.8CVSS4.7AI score0.02376EPSS

Exploits0References12

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-4907

Malicious code in bioql PyPI...

5.5CVSS4.7AI score0.02035EPSS

Exploits0References11

EUVD•added 2025/10/03 8:7 p.m.•11 views

EUVD-2022-4293

Malicious code in bioql PyPI...

5.8CVSS5.8AI score0.02034EPSS

Exploits0References8

RedhatCVE•added 2025/09/07 12:45 a.m.•15 views

CVE-2025-58179

7.2CVSS6.8AI score0.00773EPSS

Exploits1References1

NVD•added 2025/09/05 12:15 a.m.•4 views

CVE-2025-58179

7.2CVSS0.00773EPSS

Exploits1References2

Cvelist•added 2025/09/04 11:36 p.m.•8 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

7.2CVSS0.00773EPSS

Exploits1References2

OSV•added 2025/09/04 11:36 p.m.•3 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

7.2CVSS6.4AI score0.00773EPSS

Exploits1References4

Positive Technologies•added 2025/09/04 12:0 a.m.•3 views

PT-2025-36102

Name of the Vulnerable Software and Affected Versions Astro versions 11.0.3 through 12.6.5 Description Astro, a web framework for content-driven websites, is susceptible to a Server-Side Request Forgery SSRF issue when utilizing the Cloudflare adapter. When configured with output: 'server' and th...

7.2CVSS6.5AI score0.00773EPSS

Exploits1References17