Lucene search
K

688 matches found

Veracode
Veracode
added 2026/05/16 5:32 a.m.27 views

Server-Side Request Forgery

github.com/quantumnous/new-api, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to incomplete SSRF protection that fails to block the unspecified address 0.0.0.0, allowing authenticated users to bypass private-IP filtering and force the server to make requests to...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/14 4:36 p.m.52 views

CVE-2026-44515 Nextcloud News: Authenticated blind SSRF via feed URL

Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...

2.3CVSS0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-41195

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description A parsing discrepancy between the urlparse and requests libraries allows for a Server-Side Request Forgery SSRF bypass. The validate url function uses urlparse to verify the hostname; however,...

8.5CVSS5.8AI score0.00292EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40964

Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...

2.3CVSS5.8AI score0.00185EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.11 views

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.19 views

PT-2026-39677

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References4
OSV
OSV
added 2026/04/27 1:14 p.m.7 views

JLSEC-2026-197

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

5.3CVSS5.3AI score0.0021EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:54 p.m.5 views

CVE-2026-40346

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An...

6.4CVSS5.8AI score0.00384EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/09 8:16 p.m.15 views

CVE-2026-35577

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

8.1CVSS0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 11:29 p.m.2 views

GHSA-68P4-J234-43MV SiYuan is Vulnerable to Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

Summary A malicious website can achieve Remote Code Execution RCE on any desktop running SiYuan by exploiting the permissive CORS policy Access-Control-Allow-Origin: + Access-Control-Allow-Private-Network: true to inject a JavaScript snippet via the API. The injected snippet executes in Electron'...

9.6CVSS6.3AI score0.00499EPSS
Exploits1References5
NVD
NVD
added 2026/03/27 12:16 a.m.4 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8CVSS0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 11:25 p.m.4 views

CVE-2026-33898 Local Incus UI web server vulnerable to nuthentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8CVSS6AI score0.00347EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 11:25 p.m.5 views

CVE-2026-33898 Local Incus UI web server vulnerable to nuthentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27945

ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.11 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the isSSRFSafeURL function, which allowed bypassing IPv6 addresses using IPv4 mapping. This could lead to...

8.6CVSS5.9AI score0.0032EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.10 views

ZKTeco ZKBioSecurity 信任管理问题漏洞

ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco Corporation in China. Version 3.0 of ZKTeco ZKBioSecurity contains a vulnerability related to trust management. This vulnerability stems from local authorization bypassing, which may allow attackers to authenticate withou...

6.8CVSS5.8AI score0.00149EPSS
Exploits1References6
OSV
OSV
added 2026/03/12 9:15 a.m.5 views

DEBIAN-CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

4.8CVSS5.7AI score0.00127EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/12 8:32 a.m.4 views

CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

5.3CVSS5.7AI score0.00127EPSS
Exploits0
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10490

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

6.1CVSS5.8AI score0.00082EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 4:16 p.m.8 views

CVE-2026-28403

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server ws://127.0.0.1: accepts connections from any origin without validating the HTTP Origin header during the WebSocket handshake. A malicious web page visited in the same browser session can silentl...

7.6CVSS0.00136EPSS
Exploits1References2
Rows per page
Query Builder