Lucene search
K

50 matches found

Vulnrichment
Vulnrichment
added 2026/02/09 7:33 p.m.4 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7142

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save images Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-53144

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00412EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56164

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00471EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23998

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.06929EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-23579

Malicious code in bioql PyPI...

7.5CVSS5.7AI score0.00499EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31630

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00495EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-53468

Malicious code in bioql PyPI...

9.6CVSS9.2AI score0.02706EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/30 8:56 p.m.9 views

CVE-2025-34230

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/logoffsinglesignon.php script that can...

6.9CVSS7.2AI score0.00495EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/30 8:56 p.m.12 views

CVE-2025-34229

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...

6.9CVSS7.2AI score0.00495EPSS
Exploits1References1
NVD
NVD
added 2025/09/29 9:15 p.m.6 views

CVE-2025-34229

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...

6.9CVSS0.00495EPSS
Exploits1References4
OSV
OSV
added 2025/09/29 9:15 p.m.3 views

CVE-2025-34229

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...

5.8CVSS5.7AI score0.00495EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.6 views

PT-2025-39895

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 Vasion Print formerly PrinterLogic Application versions prior to 25.1.1413 Description The software contains a blind server-side request forgery SSRF issue...

6.9CVSS6.7AI score0.00514EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 9:53 a.m.4 views

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...

7.5CVSS6.4AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:15 a.m.24 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

5.9CVSS6.9AI score0.00656EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.7 views

CKAN 安全漏洞

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. CKAN suffers from a security vulnerability that stems from the fact that if there is a connectivity problem with the Solr server, the internal Solr URL is leaked to the...

5.3CVSS6.4AI score0.00377EPSS
Exploits0References3
NVD
NVD
added 2024/03/08 2:15 a.m.18 views

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...

7.5CVSS5.1AI score0.00499EPSS
Exploits0References2
Prion
Prion
added 2024/03/08 2:15 a.m.21 views

Information disclosure

Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...

5CVSS6.6AI score0.00499EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/08 12:0 a.m.15 views

CVE-2024-26309

Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL...

5.3CVSS5.4AI score0.00499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.22 views

RHEL 8 : Red Hat OpenStack 16.1.9 (openstack-tripleo-heat-templates) (RHSA-2022:8796)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8796 advisory. Heat templates for TripleO Security Fixes: data leak of internal URL through keystoneauthtoken CVE-2021-4180 Other fixes: Before this update, NTP...

4.3CVSS5.3AI score0.00754EPSS
Exploits0References36
Rows per page
Query Builder