1124 matches found

EUVD | added 2 days ago | 8 views

EUVD-2026-40451

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...

CVSS 5.3 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 4

EUVD | added 2 days ago | 5 views

EUVD-2026-40846

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 4

NVD | added 3 days ago | 5 views

CVE-2026-56399

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...

CVSS 5.3 | EPSS 0.0032
Exploits 0 | References 3

NVD | added 3 days ago | 5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3 | EPSS 0.00128
Exploits 0 | References 3

Cvelist | added 3 days ago | 20 views

CVE-2026-50110 Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

CVSS 9.3 | EPSS 0.00128
Exploits 0 | References 3

CVE | added 3 days ago | 7 views

CVE-2026-50110

The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...

CVSS 9.3 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 3

Cvelist | added 3 days ago | 23 views

CVE-2026-56399 Open WebUI - Server-Side Request Forgery via Location Redirect in /api/v1/retrieval/process/web

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentiall...

CVSS 5.3 | EPSS 0.0032
Exploits 0 | References 3

NVD | added last week | 9 views

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

CVSS 8.5 | EPSS 0.00202
Exploits 1 | References 1

ATTACKERKB | added last week | 7 views

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

CVSS 8.5 | AI score 5.8 | EPSS 0.00202
Exploits 1 | References 2 | Affected software 1

NVD | added 2026/06/25 7:16 p.m. | 7 views

CVE-2026-56769

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

CVSS 8.5 | EPSS 0.00216
Exploits 0 | References 4

OSV | added 2026/06/25 6:26 p.m. | 4 views

GO-2026-5083 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik...

CVSS 7.1 | AI score 5.8 | EPSS 0.00318
Exploits 2 | References 3

EUVD | added 2026/06/25 6:11 p.m. | 5 views

EUVD-2026-39527

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

CVSS 6.4 | AI score 6 | EPSS 0.00171
Exploits 0 | References 3

Cvelist | added 2026/06/25 6:05 p.m. | 30 views

CVE-2026-56769 Huly Platform - Server-Side Request Forgery via /import Endpoint

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

CVSS 8.5 | EPSS 0.00216
Exploits 0 | References 4

EUVD | added 2026/06/25 6:05 p.m. | 6 views

EUVD-2026-39521

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

CVSS 8.5 | AI score 6 | EPSS 0.00216
Exploits 0 | References 4

CVE | added 2026/06/25 6:05 p.m. | 9 views

CVE-2026-56769

Huly Platform through version 0.7.423 contains an authenticated server-side request forgery (SSRF) in the /import endpoint of the front pod. The vulnerability lets workspace users issue arbitrary server requests by supplying malicious URLs, enabling access to internal services, exfiltration of re...

CVSS 8.5 | AI score 6 | EPSS 0.00216
Exploits 0 | References 4

CVE | added 2026/06/24 6:10 p.m. | 5 views

CVE-2026-53944

Affected software: Ghost CMS (Node.js) versions 6.0.9 through 6.21.1. Vulnerability: When Ghost makes an external request, an IPv6 literal can map to a private IPv4 address, bypassing the internal IP filter and potentially reaching internal services. Root cause: IP-filter bypass via IPv6-to-IPv4 ...

CVSS 5.8 | AI score 5.9 | EPSS 0.00197
Exploits 0 | References 1

NVD | added 2026/06/24 7:16 a.m. | 10 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

CVSS 7.2 | EPSS 0.0029
Exploits 0 | References 4

NVD | added 2026/06/24 7:16 a.m. | 10 views

CVE-2026-12100

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be use...

CVSS 7.2 | EPSS 0.00281
Exploits 0 | References 3

CVE | added 2026/06/24 5:33 a.m. | 10 views

CVE-2026-12095

The CVE-2026-12095 entry concerns the WordPress plugin Kargo Takip (versions up to 1.2). It describes an unauthenticated Server-Side Request Forgery (SSRF) via the api_url parameter, enabling an attacker to cause the application to make web requests to arbitrary locations from within the web app....

CVSS 7.2 | AI score 6 | EPSS 0.0029
Exploits 0 | References 4

ATTACKERKB | added 2026/06/24 5:33 a.m. | 6 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

CVSS 7.2 | AI score 6 | EPSS 0.0029
Exploits 0 | References 5