Lucene search
K

151 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-13316 Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS0.00109EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-13316

Foreman (HTTP proxies: http_proxies_controller, http_proxy) is affected by a flaw that allows SSRF, enabling access to cloud metadata services in AWS/GCP/Azure environments via modified HTTP parameters. Root cause involves unvalidated/test_url parameters in Foreman’s configuration paths. Impact i...

4.4CVSS5.7AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-53959

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description An authenticated attacker can perform a Server-Side Request Forgery SSRF, which occurs when a server is tricked into making requests to an unintended location. The issue exists because...

8.2CVSS6AI score0.00199EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-252 acryl-datahub missing JWT signature check

Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...

9.9CVSS7.3AI score0.00851EPSS
Exploits1References9
EUVD
EUVD
added 2026/06/26 9:54 p.m.13 views

EUVD-2026-31689

Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References5
OSV
OSV
added 2026/06/26 4:36 p.m.3 views

GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:7 p.m.28 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 10:45 a.m.10 views

CVE-2026-13150

CVE-2026-13150 describes an SSRF in the PDF generation endpoint of ccyl13 Pentestify 1.0.0 and earlier. The vulnerability arises because GET /api/reports/{id}/pdf builds the target URL from request.base_url without validation, enabling remote attackers to cause the server to fetch arbitrary inter...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:16 p.m.7 views

CVE-2026-53754

CVE-2026-53754 affects Crawl4AI prior to version 0.8.8. The Docker API server’s SSRF protection (validate_webhook_url/validate_url_destination) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families, allowing an unauthenticated attacker to reach internal services and cloud...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 10:44 p.m.8 views

Gogs has SSRF in webhook deliveries

Summary The fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This was already communicated in the initial report but it looks like there...

8.3CVSS6.8AI score0.01193EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 6:27 p.m.13 views

Budibase: Unvalidated VectorDB Host Parameter Enables SSRF

Summary The VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost,...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 6:27 p.m.8 views

GHSA-CV96-5348-P5P8 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF

Summary The VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost,...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References3
Virtuozzo
Virtuozzo
added 2026/06/11 12:0 a.m.18 views

Virtuozzo Infrastructure 7.3 Update 1 Hotfix 1 (7.3.1-60)

This update provides security and stability fixes. Vulnerability id: VSTOR-123887 Stale S3 lifecycle timestamps could cause objects to expire at incorrect times. Vulnerability id: VSTOR-127098 The Keystone service could fail to restart after log rotation. Vulnerability id: VSTOR-129336 A stabilit...

10CVSS6.5AI score0.96267EPSS
Exploits279
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 11:55 p.m.12 views

Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/10 11:55 p.m.9 views

MAL-2026-5535 Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 4:16 p.m.10 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:16 p.m.38 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS0.00302EPSS
Exploits0References2
Rows per page
Query Builder