Lucene search
K

144 matches found

RedhatCVE
RedhatCVE
added 2026/01/14 5:22 p.m.5 views

CVE-2025-58411

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...

8.8CVSS6.9AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 6:16 p.m.5 views

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...

7.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/13 5:15 p.m.3 views

CVE-2025-58411

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...

8.8CVSS5.8AI score0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.6 views

PT-2025-53754

Name of the Vulnerable Software and Affected Versions Hemmelig versions prior to 7.3.3 Description A Server-Side Request Forgery SSRF filter bypass exists in the webhook URL validation of the Secret Requests feature in Hemmelig, a messaging app with client-side encryption and self-destructing...

4.3CVSS6.4AI score0.0019EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.25 views

CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection

Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...

6.9CVSS0.00323EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.15 views

CVE-2025-68477

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

7.7CVSS6.6AI score0.0576EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/10 12:30 a.m.11 views

Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS7AI score0.00388EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.12 views

Adobe Experience Manager (AEM) CRX Search Endpoint Exposure

The remote Adobe Experience Manager AEM CRX search endpoint is accessible. These endpoints provide potential attackers with access to search functionalities, which could be exploited to discover sensitive internal resources. No source data...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/11/07 2:58 a.m.27 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2025/11/07 2:58 a.m.28 views

CVE-2025-64180

The vulnerability CVE-2025-64180 affects Manager-io/Manager Desktop and Server (versions 25.11.1.3085 and earlier). The issue stems from a TOCTOU race condition in the DNS validation mechanism, allowing an attacker to bypass network isolation and access internal resources, cloud metadata endpoint...

10CVSS6.3AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 12:19 a.m.14 views

CVE-2025-60541

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

7.3CVSS6.8AI score0.00227EPSS
Exploits1References1
NVD
NVD
added 2025/11/06 7:15 p.m.4 views

CVE-2025-60541

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

7.3CVSS0.00227EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/06 12:0 a.m.3 views

CVE-2025-60541

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

6.4AI score0.00227EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

Prompt Optimizer 安全漏洞

Prompt Optimizer is a prompt word optimizer by and Alchemy Time Personal Developer. A security vulnerability exists in Prompt Optimizer versions 1.3.0 through 1.4.2, which stems from a server-side request forgery in the /api/proxy component, which could allow an attacker to scan internal resource...

7.3CVSS6.7AI score0.00227EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.14 views

CVE-2025-60541

A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...

0.00227EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/08 8:19 p.m.17 views

CVE-2025-61784

LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...

7.6CVSS6.4AI score0.0035EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-1856

Malware in sbrugna...

9.1CVSS9.3AI score0.01599EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49313

Malicious code in bioql PyPI...

7.7CVSS6.3AI score0.00555EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-2052

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00949EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/02 12:31 p.m.3 views

Server-side Request Forgery (SSRF)

Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...

7.3CVSS6.9AI score0.00499EPSS
Exploits0References2
Rows per page
Query Builder