Lucene search
+L

147 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013403 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp selectlocaladdress and selectsignaladdress both...

7.8CVSS5.6AI score0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 1:39 a.m.2 views

CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.7AI score0.00227EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 5:16 p.m.3 views

CVE-2026-34526 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...

5CVSS5.9AI score0.00213EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/26 8:1 p.m.23 views

CVE-2026-33537 Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS0.0026EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/26 8:1 p.m.10 views

EUVD-2026-16369

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.8AI score0.0026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:39 a.m.4 views

CVE-2026-32828

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.60 views

Mastodon 代码问题漏洞

Mastodon is an open-source social networking server based on ActivityPub, developed by Mastodon. There are code vulnerabilities in versions 4.4.0 to 4.4.13 and 4.5.0 to 4.5.6 of Mastodon. These vulnerabilities allow unverified attackers to register a FASP with a baseurl pointing to a local intern...

8.2CVSS5.9AI score0.0027EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcppmnlappendnewlocaladdr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcppmnlappendnewlocaladdr because...

4.7CVSS6.4AI score0.00135EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.12 views

PT-2026-5022

Name of the Vulnerable Software and Affected Versions Squidex versions up to and including 7.21.0 Description Squidex is an open source headless content management system and content management hub. Versions up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules...

9.1CVSS6AI score0.0042EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001043)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001043 advisory. The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system...

4.7CVSS7.2AI score0.00476EPSS
Exploits2References10
EUVD
EUVD
added 2026/01/08 3:23 p.m.5 views

EUVD-2026-1674

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

7.1CVSS6AI score0.00247EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2026/01/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS5.8AI score0.01959EPSS
In wildExploits0References3
OSV
OSV
added 2025/12/30 12:16 p.m.6 views

OESA-2025-2858 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled...

10CVSS7AI score0.00307EPSS
Exploits2References3
OSV
OSV
added 2025/12/30 12:16 p.m.4 views

OESA-2025-2855 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled...

10CVSS7AI score0.00307EPSS
Exploits2References3
OSV
OSV
added 2025/12/30 12:16 p.m.5 views

OESA-2025-2854 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled...

10CVSS7AI score0.00307EPSS
Exploits2References3
OSV
OSV
added 2025/12/05 7:15 p.m.4 views

UBUNTU-CVE-2025-66570

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS5.7AI score0.00307EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/05 6:18 p.m.7 views

EUVD-2025-201455

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS6.5AI score0.00307EPSS
Exploits1References2
OSV
OSV
added 2025/12/05 6:18 p.m.5 views

CVE-2025-66570 cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS7AI score0.00307EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.5 views

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2025-2380)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

8.8CVSS5.5AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-2393

Malware in sbrugna...

5CVSS7.4AI score0.04326EPSS
Exploits0References46
Rows per page
Query Builder