Lucene search
K

1624 matches found

Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.22 views

PT-2026-48622

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...

8.6CVSS5.8AI score0.00383EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...

8.6CVSS5.4AI score0.00383EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 11:54 p.m.9 views

Malicious code in zer0onedatetool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/10 11:54 p.m.19 views

MAL-2026-5536 Malicious code in zer0onedatetool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73fd05fda74bbf13c6275d4da0fa80fece821cad03fb2237ae74ed24309eab52 The postinstall lifecycle script in this package issues curl POST requests to a subdomain of oastify.com — the out-of-band callback domain operated b...

6AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.9 views

SUSE CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00598EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48548

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6CVSS5.4AI score0.00269EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.8 views

CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. A remo...

8.6CVSS5.9AI score0.00383EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/09 8:33 p.m.25 views

MAL-2026-5483 Malicious code in mcp-server-sentry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf12283b2f16a43388d0cc6c2991fbbdab0da44ab344c1f9c71515dd05024046 On npm install, the package's postinstall hook scripts.postinstall: node index.js collects host identifiers — os.hostname, process.cwd, the npm...

5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:22 p.m.13 views

EUVD-2026-35099

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00598EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:51 p.m.3 views

EUVD-2026-21581

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint...

6.3CVSS5.4AI score0.00172EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 12:51 p.m.8 views

GHSA-HW9R-6M78-W6H3 GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/06 1:36 p.m.18 views

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/06/06 12:31 a.m.15 views

EUVD-2026-34917

A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

8.3CVSS5.3AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 8:51 p.m.35 views

CVE-2026-11424 Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure

A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

8.3CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 8:51 p.m.35 views

CVE-2026-11424

CVE-2026-11424: SSRF in a GraphQL service shared by Altium Enterprise Server and Altium 365. An authenticated user can submit input treated as a URL, causing the server to perform an outbound HTTP GET without URL validation or destination filtering, and return the response body. This enables acce...

8.3CVSS5.3AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-9557

A Server-Side Request Forgery SSRF vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary...

6.4CVSS5.6AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-48148

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39383

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

7.2CVSS5.7AI score0.00236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41171

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

8.6CVSS5.6AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder