48 matches found
PT-2026-48709
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...
CVE-2026-33234
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...
EUVD-2026-24167
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...
CVE-2026-40566
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...
CVE-2026-40566
FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...
PT-2026-34010
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetch test line 731, send test line 682, and imap...
CVE-2026-40500
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector...
CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery SSRF vulnerability in the Social Wall feature. The endpoint readurlwithopengraph accepts a URL from the user via the socialwallnewmsgmain POST parameter and performs tw...
CVE-2025-55853
SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...
CVE-2025-55853
SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...
CVE-2026-0613
The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...
CVE-2026-0613
The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...
CVE-2026-0613 CVE-2026-0613
The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...
CVE-2026-0613
The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...
CVE-2026-0613
The Librarian (TheLibrarian.io) has an internal port-scanning vulnerability via the web_fetch tool that can be used for SSRF-like GET requests to internal IPs/services, enabling probing of the Hertzner cloud environment. The issue is tied to CVE-2026-0613; vendor remediation states the vulnerabil...
CVE-2026-0613 CVE-2026-0613
The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...
PT-2026-3248
Name of the Vulnerable Software and Affected Versions TheLibrarian affected versions not specified Description The Librarian software has an internal port scanning issue stemming from the web fetch tool. This tool allows for Server-Side Request Forgery SSRF-style behavior, enabling GET requests t...
CVE-2013-7359
Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue...
EUVD-2010-3958
Malware in sbrugna...