CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

265 matches found

Snyk•added 2026/05/05 8:29 p.m.•6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL function. An attacker can access internal network resources and sensitive cloud metadata by submitting specially crafted URLs that use IPv4-mapped IPv6 notation, which bypasses the...

8.8CVSS5.8AI score0.00051EPSS

Exploits0References3

Microsoft CVE•added 2026/04/14 2:0 p.m.•2 views

.NET Denial of Service Vulnerability

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.03084EPSS

Exploits0

CNNVD•added 2026/02/21 12:0 a.m.•3 views

OpenSift 代码问题漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained code vulnerabilities. These vulnerabilities stemmed from overly permissive server-side access behaviors allowed by URL ingestion, which could lead to...

7.1CVSS5.9AI score0.00068EPSS

Exploits0References2

Vulnrichment•added 2026/02/20 11:58 p.m.•1 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS5.3AI score0.00068EPSS

Exploits0References2

Positive Technologies•added 2026/02/10 12:0 a.m.•6 views

PT-2026-7274

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS5.5AI score0.00022EPSS

Exploits0References2

ATTACKERKB•added 2026/01/22 10:21 p.m.•0 views

CVE-2025-25051

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

6.1CVSS5.4AI score0.00021EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:29 a.m.•3 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

4.3CVSS6.9AI score0.00061EPSS

Exploits0References1

OSV•added 2025/12/08 9:15 a.m.•0 views

CVE-2025-26487

Server-Side Request Forgery SSRF vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge...

8.6CVSS5.8AI score0.00044EPSS

Exploits0References1

CNNVD•added 2025/12/08 12:0 a.m.•1 views

Infinera MTC-9 安全漏洞

Infinera MTC-9 is a modular controller from Infinera USA. A security vulnerability exists in the Infinera MTC-9 that originates from server-side request forgery and could lead to access to other network resources...

8.6CVSS6.7AI score0.00044EPSS

Exploits0References1

Positive Technologies•added 2025/10/23 12:0 a.m.•2 views

PT-2025-43564

Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description An authorized attacker can elevate privileges over a network due to a server-side request forgery issue in Azure Compute Gallery. This allows for potential misuse of network...

10CVSS6.5AI score0.00197EPSS

Exploits0References11