Lucene search
K

356 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained code vulnerabilities. These vulnerabilities stemmed from the work-flowtemplate import feature, where authenticated users could provide...

6.3CVSS6AI score0.00207EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 8:47 p.m.11 views

Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API

A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier URI, Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound reques...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

FreeBSD : mail/mailpit -- multiple vulnerabilities (6e701ad2-4f61-11f1-af6d-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e701ad2-4f61-11f1-af6d-10ffe07f9334 advisory. Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP...

6AI score0.00099EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/14 4:56 p.m.40 views

CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler

Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the...

5.7CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:33 p.m.6 views

CVE-2026-42595

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS5.8AI score0.00313EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.16 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.17 views

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.8CVSS6.4AI score0.32074EPSS
Exploits6References1
OSV
OSV
added 2026/05/11 1:51 p.m.12 views

GHSA-CHWH-F6GM-R836 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the downloadFrom endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the webhook endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint...

8.6CVSS6AI score0.00313EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.21 views

PT-2026-41196

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description The validate url function in backend/open webui/retrieval/web/utils.py only validates the initial URL provided by the user. Downstream HTTP clients, including sync requests, async aiohttp, and...

8.5CVSS5.8AI score0.003EPSS
Exploits1References15
NVD
NVD
added 2026/05/08 11:16 p.m.14 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 10:11 p.m.8 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:11 p.m.23 views

CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 3:1 a.m.31 views

CVE-2026-42194

CVE-2026-32812 affects Admidio’s SSO Metadata endpoint (modules/sso/fetch_metadata.php). Versions 5.0.0–5.0.6 allow SSRF and local file reads because the code passes an arbitrary URL directly to file_get_contents() after validating the URL with FILTER_VALIDATE_URL, enabling abuse via various sche...

6.8CVSS5.7AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/07 3:1 a.m.10 views

EUVD-2026-28296

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

6.8CVSS5.7AI score0.00236EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:1 a.m.5 views

CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

6.8CVSS5.7AI score0.00236EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Admidio 代码问题漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 had code vulnerabilities. These vulnerabilities stemmed fr...

6.8CVSS5.9AI score0.00236EPSS
Exploits1References1
NVD
NVD
added 2026/05/05 8:16 p.m.10 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS0.0024EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 8:3 p.m.14 views

Admidio has an incomplete fix for CVE-2026-32812 (SSRF)

Summary The incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to internal IPs. Affected Package - Ecosystem: Other - Package: admidio -...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/05 8:3 p.m.5 views

GHSA-HCJJ-CHVW-FMW9 Admidio has an incomplete fix for CVE-2026-32812 (SSRF)

Summary The incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to internal IPs. Affected Package - Ecosystem: Other - Package: admidio -...

6.8CVSS5.8AI score0.00236EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/05 7:52 p.m.10 views

Server-side Request Forgery (SSRF)

Overview requests-hardened is an A library that overrides the default behaviors of the requests library, and adds new security features. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL filtering process. An attacker can access internal services and...

8.3CVSS5.8AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder