Lucene search
K

49 matches found

Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-10129 SSRF via HTTP Redirect Following in Langflow API Request Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges flow author role can bypass SSRF protections by enabling the followredirects parameter and supplying a...

8.5CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:22 p.m.21 views

CVE-2026-52805 Gogs: Migration Redirect Bypass Leads to Internal Repository Theft

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

8.7CVSS0.00384EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.7 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite the...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-25058

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...

7.5CVSS5.5AI score0.00402EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 8:16 p.m.13 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

7.3CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:33 p.m.6 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 7:33 p.m.9 views

CVE-2026-33462 Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 7:33 p.m.9 views

EUVD-2026-33009

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.8 views

PT-2026-44489

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description A path traversal issue exists in the dashboard management functionality. An authenticated user with limited permissions can create a dashboard using a specially crafted identifier. If an...

7.3CVSS5.8AI score0.00223EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/26 4:41 p.m.14 views

Weblate has a Server-Side Request Forgery issue

Impact The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply...

5CVSS5.9AI score0.00182EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/20 4:42 a.m.11 views

MAL-2026-4459 Malicious code in @touchvue/chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0921a05dced95d8d0bb5d99de362f67e4e67832874fb0b4391629f5dfe6e926d The published tarball's chat components AiChat/Chat/useSSE.js and AiChat/ChatInput.vue2.js ship with hardcoded defaults that point the chat backend a...

5.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.14 views

Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Summary There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend...

9.9CVSS5.9AI score0.00457EPSS
Exploits1References6Affected Software3
NVD
NVD
added 2026/05/08 11:16 p.m.19 views

CVE-2026-44284

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

6.3CVSS0.00235EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 10:12 p.m.9 views

CVE-2026-44284

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

6.3CVSS5.8AI score0.00235EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 10:12 p.m.33 views

CVE-2026-44284 FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

6.3CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 10:12 p.m.6 views

CVE-2026-44284 FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...

6.3CVSS5.8AI score0.00235EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from inconsistent SSRF protections in the handling of MCP tool URLs, which...

6.3CVSS5.9AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37221

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34564

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

8.6CVSS5.9AI score0.00215EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 10:53 p.m.5 views

GHSA-FV5P-P927-QMXR LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

6.5CVSS5.7AI score0.0026EPSS
Exploits0References4
Rows per page
Query Builder