
7 matches found

Vulnrichment
added 2026/04/24 12:14 a.m. | 1 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9 CVSS | 5.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/27 5:27 a.m. | 1 views

CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6 CVSS | 5.9 AI score | 0.00085 EPSS
Exploits: 0 | References: 1
Veracode
added 2025/12/08 10:9 a.m. | 9 views

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

9.8 CVSS | 8.4 AI score | 0.01579 EPSS
Exploits: 6 | References: 5 | Affected Software: 3
OSV
added 2024/10/30 9:15 p.m. | 2 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 1
CNNVD
added 2024/10/30 12:0 a.m. | 2 views

Xtreme1 Security Vulnerability

Xtreme1 is an all-in-one open source platform for multimodal training data open-sourced by Xtreme1. A security vulnerability exists in Xtreme1 v0.9.1 and earlier versions that stems from vulnerability to a server-side request forgery attack that allows an attacker to make arbitrary requests to...

6.1 CVSS | 6.8 AI score | 0.0029 EPSS
Exploits: 0 | References: 1
OSV
added 2021/09/15 7:15 p.m. | 1 views

CVE-2021-33705

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request e.g. POST, G...

8.1 CVSS | 7.3 AI score | 0.00691 EPSS
Exploits: 0 | References: 4
CNNVD
added 2020/11/30 12:0 a.m. | 4 views

WordPress Canto plugin Code Issue Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...

5.3 CVSS | 6 AI score | 0.10409 EPSS
Exploits: 3 | References: 8