Lucene search
K

11 matches found

EUVD
EUVD
added 2026/06/26 7:26 a.m.6 views

EUVD-2026-39638

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

8.3CVSS5.9AI score0.00222EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/27 9:31 p.m.9 views

Server-side Request Forgery (SSRF)

Overview mcp-url-downloader is a MCP server that enables AI assistants to download files from URLs to the local filesystem Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the validateurlsafe function. An attacker can access internal resources or services b...

7.5CVSS7.1AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 7:57 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

8.5CVSS5.9AI score0.00331EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 9:8 p.m.4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the EPG link processing, which fails to properly validate URLs using the intended isSSRFSafeURL function. An attacker can caus...

7.1CVSS5.9AI score0.00323EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26167

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/02/24 8:10 p.m.11 views

Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads

Impact A Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. Users are affected ...

6.5CVSS5.6AI score0.00288EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/19 4:43 p.m.4 views

CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

7.7CVSS6.5AI score0.0576EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.6 views

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. A security vulnerability exists in versions prior to DNN 10.1.0, which stems from...

5.3CVSS6.5AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2025/09/17 3:2 p.m.4 views

CVE-2025-9862 Ghost 6.0.6 - SSRF via oEmbed Bookmark

Server-Side Request Forgery SSRF vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3...

6.1CVSS5.9AI score0.00483EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.9 views

PT-2024-25386 · Unknown · Cusmin Absolutely Glamorous Custom Admin

Name of the Vulnerable Software and Affected Versions: Cusmin Absolutely Glamorous Custom Admin versions through 7.2.2 Description: A Server-Side Request Forgery SSRF issue affects the software, allowing unauthorized access to internal resources. This can lead to sensitive data exposure or other...

4.4CVSS6.7AI score0.00294EPSS
Exploits0References5
CNVD
CNVD
added 2018/03/29 12:0 a.m.4 views

WireMock XML External Entity Injection Vulnerability

WireMock is an open source HTTP-based API simulator . An XML external entity vulnerability exists in WireMock versions prior to 2.16.0. A remote attacker could exploit this vulnerability to access local files and internal resources and potentially cause a denial of service...

9.1CVSS6.6AI score0.01984EPSS
Exploits0References1
Rows per page
Query Builder