CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 3 days ago•23 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS0.00043EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.4AI score0.00043EPSS

Vulnrichment•added 3 days ago•6 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS5.4AI score0.00043EPSS

CVE•added 3 days ago•7 views

CVE-2026-10241

Summary of CVE-2026-10241 : In jeecgboot, the server-side component is affected via the function FileDownloadUtils.download2DiskFromNet in the file path /airag/app/debug within the Cloud Instance Metadata Endpoint . The issue enables a server-side request forgery (SSRF) condition that can be trig...

6.5CVSS6.2AI score0.00043EPSS

Positive Technologies•added 3 days ago•5 views

PT-2026-45450

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS6.3AI score0.00043EPSS

Positive Technologies•added 3 days ago•7 views

PT-2026-45349

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.00043EPSS

Positive Technologies•added 3 days ago•5 views

PT-2026-45348

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.00043EPSS

CVE•added 4 days ago•12 views

CVE-2026-10177

CVE-2026-10177 affects Aider-AI Aider 0.86.3, specifically the function requests.get in api_docs.py within the AWS EC2 Metadata Endpoint component. The issue enables a server-side request forgery (SSRF) and is exploitable remotely. Public disclosure has occurred, with the vulnerability categorize...

6.5CVSS6.2AI score0.00043EPSS

ATTACKERKB•added 6 days ago•5 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS6.8AI score0.00038EPSS

Exploits0References5Affected Software1

RedhatCVE•added last week•4 views

CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS5.4AI score0.00043EPSS

Positive Technologies•added 2026/05/23 12:0 a.m.•9 views

PT-2026-42883

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS5.3AI score0.00019EPSS

CVE•added 2026/05/04 3:45 a.m.•5 views

CVE-2026-7729

CVE-2026-7729 affects pixelsock directus-mcp 1.0.0, specifically the MCP Interface’s index.ts validateUrl function. Manipulating the fileUrl argument can lead to server-side request forgery (SSRF). The vulnerability is exploitable remotely and, per the CVE metrics, has PROOF-OF-CONCEPT exploit ma...

6.5CVSS6.3AI score0.00048EPSS

CNNVD•added 2026/04/29 12:0 a.m.•3 views

Dell Disk Library for Mainframe 代码问题漏洞

Dell Disk Library for Mainframe is an enterprise-level storage system developed by the American company Dell. It provides virtual tape libraries and data storage management capabilities for mainframe environments. There are code-related vulnerabilities in the Dell Disk Library for Mainframe DLm...

4.3CVSS5.8AI score0.00011EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•0 views

PT-2026-35825

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS6.2AI score0.00055EPSS