Lucene search
K

49 matches found

CVE
CVE
added yesterday9 views

CVE-2026-52840

Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...

2.7CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday27 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 2:25 a.m.11 views

CVE-2026-54430

A flaw was found in liboauth2 in the oauth2josejwksawsalbresolve function. The AWS ALB JWT verifier reads the signer and kid fields from the unverified JWT header. When signer matches the configured ARN, kid is appended to the ALB base URL without path sanitization, and an HTTP GET request is...

5.8CVSS5.8AI score0.00121EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-53946

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 7:10 p.m.13 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/19 12:51 a.m.52 views

CVE-2026-33234 AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS0.00304EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 10:32 p.m.13 views

utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS / loopback allowlist, but calltool and calltoolstreaming reuse...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.19 views

PT-2026-38625

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:19 p.m.8 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/30 5:24 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 7:57 p.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

8.5CVSS5.9AI score0.00331EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 3:4 p.m.9 views

GHSA-6W67-HWM5-92MQ LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading

Summary A Server-Side Request Forgery SSRF vulnerability exists in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, an...

7.5CVSS5.9AI score0.4525EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33211

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.37 Description The workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without protection against Server-Side Request Forgery SSRF, a flaw where an...

6.5CVSS5.8AI score0.00384EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:5 p.m.6 views

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

7.2CVSS5.8AI score0.00208EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/10 10:9 p.m.16 views

GHSA-55V6-G8PM-PW4C rembg server is vulnerable to Server-Side Request Forgery (SSRF) and a weak default CORS configuration

GitHub Security Lab GHSL Vulnerability Report, rembg: GHSL-2024-161, GHSL-2024-162 The GitHub Security Lab team has identified potential security vulnerabilities in rembg. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...

4.3CVSS5.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 10:9 p.m.8 views

rembg server is vulnerable to Server-Side Request Forgery (SSRF) and a weak default CORS configuration

GitHub Security Lab GHSL Vulnerability Report, rembg: GHSL-2024-161, GHSL-2024-162 The GitHub Security Lab team has identified potential security vulnerabilities in rembg. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...

5.2AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/10 7:49 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/10 4:39 p.m.3 views

CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

5.3CVSS6.1AI score0.00253EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 9:34 p.m.14 views

Insecure Default Initialization of Resource

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the isBlacklisted function when the BLACKLISTIPS environment variable is unset, causing the blacklist...

9.9CVSS6AI score0.00377EPSS
Exploits1References3
Rows per page
Query Builder