Lucene search
K

143 matches found

CNNVD
CNNVD
added 2026/03/11 12:0 a.m.13 views

GitLab 注入漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There is a vulnerability in GitLab, which stems from improper input...

5CVSS5.9AI score0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 8:38 p.m.3 views

EUVD-2026-10875

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/06 6:32 a.m.6 views

Server-Side Request Forgery (SSRF)

Angular SSR is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to Angular’s request handling pipeline trusting user-controlled Host and X-Forwarded- HTTP headers without proper validation, which allows an attacker to manipulate URL reconstruction and perform arbitrary...

9.2CVSS5.9AI score0.00497EPSS
Exploits1References9Affected Software3
OSV
OSV
added 2026/03/05 9:59 p.m.6 views

CVE-2026-28451 OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching

OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...

6.3CVSS6AI score0.00275EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/25 10:42 p.m.16 views

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

9.2CVSS5.7AI score0.00497EPSS
Exploits1References6Affected Software3
Cvelist
Cvelist
added 2026/02/24 7:0 p.m.31 views

CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...

8.2CVSS0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.60 views

Mastodon 代码问题漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are code vulnerabilities in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities allow unverified attackers to register a FASP with a baseurl pointing to a local intern...

8.2CVSS5.9AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 9:42 p.m.4 views

CVE-2026-26075 Cross-Site Request Forgery (CSRF) in FastGPT

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/02 10:56 a.m.4 views

Server-side Request Forgery (SSRF)

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via insufficient validation of the backchannelclientnotificationendpoint,...

5.1CVSS5.9AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/01/28 7:16 p.m.9 views

CVE-2026-24775

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

7.3CVSS0.00105EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Form-Data vulnerability (USN-7976-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7976-1 advisory. Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart...

9.4CVSS6AI score0.01735EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/23 12:26 a.m.17 views

CVE-2025-56589

A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:0 a.m.4 views

CVE-2025-56589

A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

7.5CVSS5.6AI score0.00404EPSS
Exploits1References3
Veracode
Veracode
added 2026/01/21 11:23 a.m.6 views

Server-Side Request Forgery (SSRF)

SvelteKit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of host and origin resolution during prerendered route processing, where crafted requests can trigger internal requests or cause excessive resource usage, leading to SSRF or service disrupti...

9.1CVSS5.9AI score0.00466EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/01/13 4:32 p.m.6 views

EUVD-2026-2215

A Server-Side Request Forgery SSRF vulnerability CWE-918 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext...

3.8CVSS6.3AI score0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 4:32 p.m.3 views

CVE-2025-67685

A Server-Side Request Forgery SSRF vulnerability CWE-918 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext...

3.8CVSS6.4AI score0.00379EPSS
Exploits0References1
Veracode
Veracode
added 2026/01/13 10:59 a.m.8 views

Server-Side Request Forgery (SSRF)

httparty is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs, which allows an attacker to force the application to send unauthorized requests to internal servers and potentially leak sensitive information such as API keys...

8.8CVSS6.7AI score0.0026EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Fortinet FortiSandbox 代码问题漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A code issue vulnerability exists in Fortinet FortiSandbox versions 5.0.0...

3.8CVSS7.4AI score0.00379EPSS
Exploits0References2
NVD
NVD
added 2025/12/23 11:15 p.m.8 views

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

8.8CVSS0.0026EPSS
Exploits1References2
OSV
OSV
added 2025/12/23 11:15 p.m.5 views

UBUNTU-CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

8.8CVSS5.7AI score0.0026EPSS
Exploits1References4
Rows per page
Query Builder