Lucene search
K

48 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48709

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS5.5AI score0.00209EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.6AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 4:4 p.m.8 views

EUVD-2026-24167

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 4:4 p.m.6 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/21 4:4 p.m.12 views

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.20 views

PT-2026-34010

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetch test line 731, send test line 682, and imap...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References4
NVD
NVD
added 2026/04/15 10:17 p.m.9 views

CVE-2026-40500

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector...

0.00385EPSS
Exploits0
OSV
OSV
added 2026/04/15 9:25 p.m.4 views

CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.1CVSS6AI score0.00385EPSS
Exploits0References6
NVD
NVD
added 2026/04/10 6:16 p.m.4 views

CVE-2026-31941

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery SSRF vulnerability in the Social Wall feature. The endpoint readurlwithopengraph accepts a URL from the user via the socialwallnewmsgmain POST parameter and performs tw...

7.7CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 12:0 a.m.27 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

0.00373EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 12:0 a.m.13 views

CVE-2025-55853

SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...

9.1CVSS5.6AI score0.00373EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/17 1:18 p.m.7 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

7.5CVSS6.9AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 1:16 p.m.6 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

7.5CVSS0.00373EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/16 12:46 p.m.4 views

CVE-2026-0613 CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

6.5AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/16 12:46 p.m.6 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 12:46 p.m.18 views

CVE-2026-0613

The Librarian (TheLibrarian.io) has an internal port-scanning vulnerability via the web_fetch tool that can be used for SSRF-like GET requests to internal IPs/services, enabling probing of the Hertzner cloud environment. The issue is tied to CVE-2026-0613; vendor remediation states the vulnerabil...

7.5CVSS6.5AI score0.00373EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/16 12:46 p.m.27 views

CVE-2026-0613 CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.6 views

PT-2026-3248

Name of the Vulnerable Software and Affected Versions TheLibrarian affected versions not specified Description The Librarian software has an internal port scanning issue stemming from the web fetch tool. This tool allows for Server-Side Request Forgery SSRF-style behavior, enabling GET requests t...

7.5CVSS5.7AI score0.00373EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/07 9:53 a.m.6 views

CVE-2013-7359

Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue...

5CVSS6.9AI score0.01173EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-3958

Malware in sbrugna...

5CVSS6.4AI score0.01343EPSS
Exploits1References4
Rows per page
Query Builder