CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

102 matches found

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.4AI score0.00043EPSS

Exploits0References1

Vulnrichment•added 3 days ago•6 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS5.4AI score0.00043EPSS

Exploits0References6

Positive Technologies•added 3 days ago•6 views

PT-2026-45350

6.5CVSS6.2AI score0.00043EPSS

Exploits0References7

CNNVD•added 3 days ago•3 views

JeecgBoot code issues and vulnerabilities

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

6.5CVSS6.7AI score0.00043EPSS

Exploits0References6

NVD•added 4 days ago•10 views

CVE-2026-10177

6.5CVSS0.00043EPSS

Exploits0References7

ATTACKERKB•added 4 days ago•7 views

CVE-2026-10177

6.5CVSS6.2AI score0.00043EPSS

Exploits0References7Affected Software1

CVE•added 4 days ago•12 views

CVE-2026-10177

CVE-2026-10177 affects Aider-AI Aider 0.86.3, specifically the function requests.get in api_docs.py within the AWS EC2 Metadata Endpoint component. The issue enables a server-side request forgery (SSRF) and is exploitable remotely. Public disclosure has occurred, with the vulnerability categorize...

6.5CVSS6.2AI score0.00043EPSS

Exploits0References7

Positive Technologies•added 4 days ago•7 views

PT-2026-45187

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00043EPSS

Exploits0References8

NVD•added 6 days ago•7 views

CVE-2026-42965

A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...

7.7CVSS0.00028EPSS

Exploits0References2

ATTACKERKB•added 6 days ago•6 views

CVE-2026-42965

7.7CVSS5.7AI score0.00028EPSS

Exploits0References3

EUVD•added 6 days ago•4 views

EUVD-2026-33275

7.7CVSS5.7AI score0.00028EPSS

Exploits0References2

RedhatCVE•added 6 days ago•7 views

CVE-2026-42965

7.7CVSS5.7AI score0.00028EPSS

Exploits0References3

Positive Technologies•added 6 days ago•5 views

PT-2026-44798

7.7CVSS5.7AI score0.00028EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/05/25 11:35 a.m.•7 views

Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score

Exploits0References1

Cvelist•added 2026/05/11 4:46 p.m.•26 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed durin...

5CVSS0.0003EPSS

Exploits0References4

Vulnrichment•added 2026/05/11 4:46 p.m.•4 views

CVE-2026-45000 OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation

5CVSS5.8AI score0.0003EPSS

Exploits0References4

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39649

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.9.0 Description A Server-Side Request Forgery SSRF issue exists where the create webhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation. Subsequently, the send webhoo...

7.1CVSS7.2AI score0.00034EPSS

Exploits1References8

Cvelist•added 2026/05/08 10:11 p.m.•26 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00032EPSS

Exploits0References1

ATTACKERKB•added 2026/05/08 10:11 p.m.•5 views

CVE-2026-42345

7.7CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/06 8:21 p.m.•4 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS5.7AI score0.00014EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by