Lucene search
K

4 matches found

NVD
NVD
added 11 hours ago5 views

CVE-2026-34170

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
added 12 hours ago7 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 7:21 a.m.3 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS5.9AI score0.00289EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-27023

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.7AI score0.00199EPSS
Exploits0References1
Rows per page
Query Builder