112 matches found
CVE-2026-6604
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
CVE-2026-6604
The CVE-2026-6604 entry affects modelscope agentscope up to version 1.0.18, specifically the Cloud Metadata Endpoint’s _openai_tools.py functions _parse_url, prepare_image, and openai_audio_to_text. The vulnerability arises from manipulating image_url/audio_file_url, enabling server-side request ...
CVE-2026-6604
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
PT-2026-33710
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parse url/prepare image/openai audio to text of the file src/agentscope/tool/ multi modality/ openai tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
CVE-2026-35037
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...
PT-2026-30015
Name of the Vulnerable Software and Affected Versions Ech0 versions prior to 4.2.8 Description The GET /api/website/title endpoint is susceptible to Server-Side Request Forgery SSRF. The endpoint accepts an arbitrary URL via the website url query parameter and makes a server-side HTTP request to ...
GO-2026-4854 DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint in github.com/digitalocean/droplet-agent
DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint in github.com/digitalocean/droplet-agent...
CVE-2026-27826
MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...
SUSE CVE-2026-32828
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...
DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
CVE-2026-24516
DigitalOcean Droplet Agent (droplet-agent)
CVE-2026-32828
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...
EUVD-2026-13424
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...
CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Summary The REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata...
GHSA-6J68-GCC3-MQ73 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint
Summary The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An...
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Summary Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...
CVE-2026-32133
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
EUVD-2026-10170
Parse Server: File metadata endpoint bypasses beforeFind / afterFind trigger authorization...