Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

OSV
OSVadded 3 days ago5 views

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score
Exploits0References3
CVE
CVEadded 2026/03/20 11:30 p.m.10 views

CVE-2026-33237

CVE-2026-33237 affects WWBN AVideo. The Scheduler plugin’s run() path in plugin/Scheduler/Scheduler.php uses callbackURL with isValidURL() (URL format check) but omits isSSRFSafeURL(), allowing SSRF to RFC-1918/private and cloud metadata endpoints. Concrete details show the vulnerable code at Sch...

5.5CVSS5.8AI score0.00021EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVEadded 2024/02/17 3:27 a.m.1 views

SUSE CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

7.5CVSS8AI score0.00143EPSS
Exploits0References7
Rows per page
Query Builder