Lucene search
K

67 matches found

NVD
NVD
added yesterday4 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-40404

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10CVSS5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...

9.8CVSS7.7AI score0.01735EPSS
Exploits5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 6:50 p.m.9 views

CVE-2026-47260 Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 4:19 p.m.15 views

NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.3.5 Description Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References8
NVD
NVD
added 2026/05/28 6:16 p.m.10 views

CVE-2026-45310

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44731

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

6.7CVSS6AI score0.00012EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.6 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:12 p.m.8 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 8:12 p.m.13 views

CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 3:19 p.m.22 views

CVE-2026-42596

CVE-2026-42596 describes an unauthenticated SSRF vulnerability in Gotenberg’s default deny-list filtering for the downloadFrom and webhook features. The issue arises because the deny-lists are regex-based and case-sensitive, allowing attacker-controlled URLs (e.g., IPv4-mapped IPv6 loopback forms...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 4:29 p.m.8 views

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

8.2CVSS5.8AI score0.0023EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-2393

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

7.1CVSS0.00288EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 6:8 p.m.15 views

CVE-2026-41905

FreeScout (PHP Laravel) before version 1.8.217 is affected by an SSRF issue in Helper::sanitizeRemoteUrl() where curlGetLastRedirectedUrl() returns the final destination URL but the code re-validates the original URL. This allows an attacker who can supply a URL passing the initial host check to ...

7.7CVSS5.8AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 6:12 p.m.5 views

Server-side Request Forgery (SSRF)

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:17 p.m.3 views

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

7.1CVSS7.2AI score0.00233EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/14 12:8 a.m.2 views

CVE-2026-39418 MaxKB: SSRF via sandbox network hook bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto with the MSGFASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the...

5CVSS5.7AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 5:6 p.m.26 views

CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

5.2CVSS0.00256EPSS
Exploits0References3
Rows per page
Query Builder