360 matches found
PT-2026-33847
Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...
CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H Vendor CloudFoundry Foundation Versions Affected Routing release: v0.118.0 to v0.371.0 CF Deployment: v0.0.2 to v54.14.0 Description Route Services can be leveraged to send app traffic t...
CVE-2026-40346
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...
Nocobase 安全漏洞
Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.37 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection when the workflow HTTP request plugin and custom request operation plugins initiated...
CVE-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...
CVE-2026-40346 NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...
CVE-2026-40500
...
CVE-2026-40500
...
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-34160
Chamilo LMS prior to 2.0.0-RC.3 is affected. The PENS plugin endpoint at public/plugin/Pens/pens.php allows unauthenticated access and accepts a user-controlled package-url that is fetched via curl without filtering private/internal IPs, enabling unauthenticated SSRF. Impact includes probing inte...
CVE-2026-5936
The CVE-2026-5936 entries describe a Server-Side Request Forgery (SSRF) in the Foxit PDF Services API, where an attacker can craft a URL to cause the server to initiate requests to arbitrary destinations. Affected component: Foxit PDF Services API (server-side URL handling). Reported impact inclu...
PYSEC-2026-61
GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
EUVD-2026-21551
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
PT-2026-32027
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-35461
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...