Lucene search
K

114 matches found

NVD
NVD
added 2026/03/11 10:16 p.m.7 views

CVE-2026-32133

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

9.1CVSS0.00505EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 5:42 p.m.4 views

EUVD-2026-10170

Parse Server: File metadata endpoint bypasses beforeFind / afterFind trigger authorization...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

6.3CVSS5.7AI score0.00295EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/07 6:44 p.m.2 views

Missing Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authorization in the GET /files/:appId/metadata/:filename endpoint due to the lack of enforcement of beforeFind and...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 5:15 p.m.6 views

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

6.3CVSS0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:21 p.m.3 views

CVE-2026-30850

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint GET /files/:appId/metadata/:filename does not enforce beforeFind / afterFind file triggers. When these triggers are used as...

6.3CVSS5.7AI score0.00295EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.9 and 9.5.0-alpha.9. These vulnerabilities stemmed from a flaw in the file metadata...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References2
OSV
OSV
added 2026/03/01 1:29 a.m.4 views

GHSA-JMH7-G254-2CQ9 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...

8.2CVSS6.1AI score0.00316EPSS
Exploits0References6
Huntr
Huntr
added 2025/12/29 5:51 p.m.6 views

Server-Side Request Forgery (SSRF) in LollMS Export Content

Executive Summary A security vulnerability has been identified in LollMS that allows Server-Side Request Forgery SSRF attacks through the /api/files/export-content endpoint. The downloadimagetotemp function downloads images from arbitrary user-controlled URLs without validation, allowing attacker...

7.5CVSS6AI score0.01765EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/12/19 10:52 p.m.6 views

Langflow vulnerable to Server-Side Request Forgery

Vulnerability Overview Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block...

7.7CVSS6.5AI score0.0576EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/02 1:8 a.m.10 views

Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Summary The gateway determines the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF CWE-918 attack Impact This vulnerabilit...

9.8CVSS6.8AI score0.00323EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47022

Malicious code in bioql PyPI...

8.6CVSS8.8AI score0.00554EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7033

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:52 p.m.17 views

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

7.5CVSS6.9AI score0.0056EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.18 views

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

7.5CVSS0.0056EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-11603

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

7.5CVSS5.8AI score0.00646EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.3 views

CVE-2024-11822 Server-Side Request Forgery (SSRF) in langgenius/dify

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

6.5CVSS6.6AI score0.0056EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.20 views

CVE-2024-11822 Server-Side Request Forgery (SSRF) in langgenius/dify

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

6.5CVSS0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.6 views

CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References1
NVD
NVD
added 2024/06/27 7:15 p.m.35 views

CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS0.00554EPSS
Exploits1References1
Rows per page
Query Builder