Lucene search
+L

360 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-33847

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References79
Cloud Foundry
Cloud Foundry
added 2026/04/20 12:0 a.m.6 views

CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry

Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H Vendor CloudFoundry Foundation Versions Affected Routing release: v0.118.0 to v​​0.371.0 CF Deployment: v0.0.2 to v54.14.0 Description Route Services can be leveraged to send app traffic t...

5CVSS5.4AI score0.00199EPSS
Exploits0
NVD
NVD
added 2026/04/18 12:16 a.m.5 views

CVE-2026-40346

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

6.5CVSS0.00384EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.12 views

Nocobase 安全漏洞

Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.37 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection when the workflow HTTP request plugin and custom request operation plugins initiated...

6.5CVSS5.8AI score0.00384EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/17 11:54 p.m.4 views

CVE-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

6.4CVSS5.8AI score0.00384EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 11:54 p.m.2 views

CVE-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

6.4CVSS6AI score0.00384EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/15 9:25 p.m.4 views

CVE-2026-40500

...

5.9AI score0.00385EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/15 9:25 p.m.25 views

CVE-2026-40500

...

0.00385EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.7 views

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

9.6CVSS5.9AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 9:9 p.m.21 views

CVE-2026-34160

Chamilo LMS prior to 2.0.0-RC.3 is affected. The PENS plugin endpoint at public/plugin/Pens/pens.php allows unauthenticated access and accepts a user-controlled package-url that is fetched via curl without filtering private/internal IPs, enabling unauthenticated SSRF. Impact includes probing inte...

8.6CVSS5.7AI score0.00344EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/13 6:57 a.m.15 views

CVE-2026-5936

The CVE-2026-5936 entries describe a Server-Side Request Forgery (SSRF) in the Foxit PDF Services API, where an attacker can craft a URL to cause the server to initiate requests to arbitrary destinations. Affected component: Foxit PDF Services API (server-side URL handling). Reported impact inclu...

9.8CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/04/10 8:16 p.m.23 views

PYSEC-2026-61

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.9AI score0.00172EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/10 8:16 p.m.5 views

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

9.6CVSS0.00242EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:15 p.m.3 views

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS5.9AI score0.00242EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 7:15 p.m.4 views

CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS5.9AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/10 7:15 p.m.7 views

EUVD-2026-21551

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS5.9AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 7:15 p.m.23 views

CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS0.00242EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 7:15 p.m.3 views

CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS6.1AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.13 views

PT-2026-32027

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

7.8CVSS5.9AI score0.00242EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-35461

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...

5CVSS6.1AI score0.00213EPSS
Exploits1References1
Rows per page
Query Builder