CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

CVE-2026-24516

DigitalOcean Droplet Agent (droplet-agent)

CVE-2026-33237 AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation

WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's run function in plugin/Scheduler/Scheduler.php calls urlgetcontents with an admin-configurable callbackURL that is validated only by isValidURL URL format check. Unlike other AVideo endpoints that were...

GHSA-P3GR-G84W-G8HH AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy

Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...

CVE-2026-33126

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery SSRF attacks. An attacker can use the Frigate server t...

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

CVE-2026-28680

CVE-2026-28680 affects Ghostfolio before version 2.245.0. An attacker can abuse the manual asset import feature to perform a full-read SSRF, enabling exfiltration of sensitive cloud metadata (IMDS) and the ability to probe internal network services. The vulnerability exhibits high confidentiality...

CVE-2026-28680 Ghostfolio: Full-Read SSRF in Manual Asset Import

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata IMDS or probe internal network services. This issue has been patched in...

EUVD-2026-9984

Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...

PT-2026-21933

Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 137 Description esm.sh is susceptible to a full-response Server-Side Request Forgery SSRF issue. This allows an attacker to retrieve information from internal websites. The issue resides in the routing logic,...

CVE-2026-26019

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

CVE-2026-26019

CVE-2026-26019 affects the LangChain JS library (@langchain/community) before version 1.1.14, specifically the RecursiveUrlLoader. The cause is insufficient URL origin validation: it relied on String.startsWith() to compare URLs, failing to validate semantic origin and permitting crawling of atta...

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...

CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration

Server-Side Request Forgery SSRF vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network...

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API...

PT-2025-52496

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. The API Request component allows issuing arbitrary HTTP requests within a flow. Prior to version 1.7.0, the component...