Lucene search
K

104 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.10 views

Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download

The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests to...

7.4CVSS5.9AI score0.00395EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/03/24 6:16 p.m.3 views

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

7.1CVSS0.00283EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:58 p.m.4 views

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

8.8CVSS7.2AI score0.00497EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/03/24 4:16 p.m.3 views

CVE-2026-33679

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...

7.4CVSS0.00395EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 3:46 p.m.10 views

CVE-2026-33679

Vikunja Open Source (self-hosted task manager) contains an SSRF vulnerability in the avatar download path. Before version 2.2.1, DownloadImage (pkg/utils/avatar.go) uses a bare http.Client with no SSRF protection when fetching the user’s OpenID Connect picture URL, enabling an attacker-controlled...

7.4CVSS5.9AI score0.00395EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:4 p.m.5 views

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...

8.7CVSS5.9AI score0.00367EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/18 6:31 a.m.5 views

EUVD-2026-12762

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/18 4:2 a.m.5 views

CVE-2026-4366

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 4:2 a.m.3 views

CVE-2026-4366

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 4:2 a.m.22 views

CVE-2026-4366

CVE-2026-4366 affects Keycloak, where improper handling of HTTP redirects during specific client configuration requests allows an attacker to induce the server to reach internal/restricted resources. The impact described is potential information disclosure and the ability to map internal network ...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References4Affected Software4
CVE
CVE
added 2026/03/11 9:45 p.m.13 views

CVE-2026-32133

CVE-2026-32133 concerns the 2FAuth web app versioned before 6.1.0. A blind SSRF flaw in the OTP URL’s image parameter allows authenticated users to cause the server to make arbitrary HTTP requests from internal networks and cloud metadata endpoints. The issue is triggered by insufficient validati...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/10 9:16 p.m.5 views

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 8:38 p.m.4 views

EUVD-2026-10874

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

7.7CVSS5.8AI score0.00218EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/01 1:29 a.m.11 views

Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:47 p.m.5 views

CVE-2026-28416

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...

8.6CVSS6AI score0.00316EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.8 views

CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS5.6AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/25 3:56 p.m.7 views

EUVD-2026-8682

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS5.6AI score0.00213EPSS
Exploits0References2
CVE
CVE
added 2026/02/21 8:15 a.m.21 views

CVE-2026-27479

CVE-2026-27479 affects Wallos versions ≤ 4.6.0, where a SSRF issue arises in the logo/icon URL fetch. The application validates the target URL’s IP, but allows HTTP redirects (CURLOPT_FOLLOWLOCATION = true) and follows up to 3 redirects, bypassing the initial IP check and enabling access to inter...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.7 views

PT-2026-21371

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References4
NVD
NVD
added 2026/02/09 8:15 p.m.8 views

CVE-2026-25493

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...

6.9CVSS0.00359EPSS
Exploits1References3
Rows per page
Query Builder