85 matches found
CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...
CVE-2026-27796
Summary: Vulnerability in Homarr prior to v1.54.0 where the integration.all tRPC endpoint was exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations (internal URLs, names, service types). This information disclosure impact is stated as ...
GHSA-3C45-4PJ5-CH7M changedetection.io is Vulnerable to SSRF via Watch URLs
Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...
PT-2026-21762
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 22.0 Description AVideo is an open source video platform. The aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an...
CVE-2026-25084
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...
CVE-2026-25084
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...
PT-2026-7621
Name of the Vulnerable Software and Affected Versions ZLAN5143D affected versions not specified Description Authentication for the device can be bypassed by directly accessing internal URLs. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
CVE-2026-25492
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
CVE-2026-25492
Craft CMS versions 3.5.0–4.16.17 and 5.0.0-RC1–5.8.21 are affected. The save_images_Asset GraphQL mutation can be abused to fetch internal URLs by supplying a domain resolving to an internal IP, bypassing hostname validation. If a non-image file extension (e.g., .txt) is allowed, downstream image...
CVE-2026-24048
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...
EUVD-2025-199888
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-11128
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzysanitizefeeds' function. This makes it possible for authenticated attackers...
CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...
EUVD-2021-16413
Malware in sbrugna...
EUVD-2022-0778
Malicious code in bioql PyPI...
EUVD-2022-2680
Malicious code in bioql PyPI...
CVE-2025-59346 Dragonfly server-side request forgery vulnerability
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...