18 matches found
CVE-2026-44492
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...
Node.js Module axios < 0.32.0 / 1.x < 1.16.0 NO_PROXY Bypass (SSRF)
The version of the axios Node.js module installed on the remote host is prior to 0.32.0 or 1.x prior to 1.16.0. It is, therefore, affected by the following vulnerability: - shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY...
PT-2026-44923
Name of the Vulnerable Software and Affected Versions MoviePilot version v2 Description An issue exists in the image proxy endpoint '/api/v1/system/img/proxy' that allows authenticated attackers to request arbitrary URLs. By providing a resource token cookie and a URL with a domain that matches t...
PT-2026-41397
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticat...
CVE-2026-42592
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...
CVE-2025-8325
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...
PT-2026-37104
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.30.1 and earlier Description Gotenberg is an API-based document conversion tool. The default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression...
EUVD-2026-24554
A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the ValidateHTTP01Challenge and ValidateTLSALPN01Challenge validation paths in builtin/logical/pki/acmechallenges.go. An attacker can make the ACME validator connect to loopback, link-local,...
GHSA-MVVV-V22X-XQWP NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
Summary NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost. Vulnerable Code 1. Workflow HTTP...
MCP Server Kubernetes 安全漏洞
MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.4.0 have security vulnerabilities. These vulnerabilities stem from parameter injection issues in the port-forward tool, which may lead to exposure of internal...
EUVD-2026-19869
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validateenrichmenturl function in src/handler/http/request/enrichmenttable/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets e.g. "::1" not "::1". An authenticated...
PT-2026-26786
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo, an open source video platform, contains an unauthenticated server-side request forgery SSRF vulnerability in the plugin/Live/test.php file. This allows a remote user to make the AVid...
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
Summary Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...
marimo vulnerable to proxy abuse of /mpl/{port}/
Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...
CVE-2025-34201 Vasion Print (formerly PrinterLogic) Lack of Network Segmentation Between Docker Instances
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments run many Docker containers on shared internal networks without firewalling or segmentation between instances. A compromise of any single container allows direct access to internal services HTTP, Redi...
GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification
Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...
CVE-2024-13924
The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'httprequesthostisexternal' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...