Lucene search
+L

121 matches found

euvd
euvd
added yesterday8 views

EUVD-2026-44597

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS6.2AI score0.00312EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-61520

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS0.00251EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score0.00287EPSS
Exploits1References6
cvelist
cvelist
added 3 days ago30 views

CVE-2026-62240 CrewAI < 1.15.1 SSRF Filter Bypass via HTTP Redirect in Scrape Tools

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS0.00287EPSS
Exploits1References5
osv
osv
added 3 days ago2 views

CVE-2026-62240 CrewAI < 1.15.1 SSRF Filter Bypass via HTTP Redirect in Scrape Tools

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score0.00287EPSS
Exploits1References8
cvelist
cvelist
added 6 days ago32 views

CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS0.00371EPSS
Exploits0References3
euvd
euvd
added 6 days ago8 views

EUVD-2026-42726

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6AI score0.00293EPSS
Exploits0References5
osv
osv
added last week2 views

CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6.1AI score0.00293EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/07 3:23 a.m.33 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS0.00171EPSS
Exploits0References1
cve
cve
added 2026/06/29 5:18 p.m.18 views

CVE-2026-57947

Pinpoint (through 3.1.0) has a server-side request forgery in the webhook registration endpoint. Authenticated users can register internal URLs due to missing SSRF protection, potentially causing the server to issue POST requests to internal hosts and metadata endpoints, enabling unauthorized acc...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References2
osv
osv
added 2026/06/29 5:18 p.m.3 views

CVE-2026-57947 Pinpoint - Server-Side Request Forgery via Alarm Webhook Registration

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

6.3CVSS6AI score0.00239EPSS
Exploits0References5
nvd
nvd
added 2026/06/26 9:16 p.m.10 views

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS0.00202EPSS
Exploits1References1
nvd
nvd
added 2026/06/25 7:16 p.m.12 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/25 6:7 p.m.34 views

CVE-2026-56771 NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS0.00204EPSS
Exploits0References4
cve
cve
added 2026/06/25 6:7 p.m.15 views

CVE-2026-56771

NewsBlur prior to 14.5.0 is affected by an SSRF in the add_url endpoint. The issue lets authenticated users trigger arbitrary server requests to internal networks by failing to filter private IPs, potentially reaching localhost services and cloud metadata endpoints. This enables internal network ...

8.5CVSS6AI score0.00204EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/25 6:7 p.m.7 views

CVE-2026-56771 NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS6AI score0.00204EPSS
Exploits0References4
osv
osv
added 2026/06/25 6:7 p.m.2 views

CVE-2026-56771 NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

6.3CVSS6AI score0.00204EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS6AI score0.0029EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/24 5:33 a.m.35 views

CVE-2026-12095 Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.0029EPSS
Exploits0References4
nvd
nvd
added 2026/06/20 7:16 p.m.16 views

CVE-2026-56342

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS0.00236EPSS
Exploits0References2
Rows per page
Query Builder