Lucene search
K

9 matches found

Snyk
Snyk
added 2026/07/02 10:17 p.m.7 views

Server-side Request Forgery (SSRF)

Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

8.3CVSS6AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.7 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 7:41 p.m.14 views

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:41 p.m.7 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:41 p.m.9 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 7:41 p.m.4 views

CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS6AI score0.00235EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55296

Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.18 Description Authenticated attackers can perform server-side request forgery SSRF, a flaw where the server is tricked into making requests to an unintended location. By providing malicious input to th...

8.3CVSS6.1AI score0.00235EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/11 7:16 a.m.9 views

CVE-2025-9539

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwpajaximportautomationfromurl function in all versions up to, and...

8CVSS5.9AI score0.00416EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.6 views

PT-2022-14230 · WordPress · Import Export All Wordpress Images

Name of the Vulnerable Software and Affected Versions: Import Export All WordPress Images, Users & Post Types WordPress plugin versions prior to 6.5.3 Description: The issue concerns the lack of full validation for files to be imported via URL, which could allow high-privilege users, such as...

7.2CVSS6.9AI score0.01291EPSS
Exploits2References4
Rows per page
Query Builder