Lucene search
+L

164 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-61835

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but...

7.7CVSS0.0025EPSS
Exploits0References4
CVE
CVE
added 3 days ago24 views

CVE-2026-48736

Summary: CVE-2026-48736 affects Symfony's NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUBNETS, where IPv6 transition prefixes (6to4, NAT64, Teredo, IPv4‑mapped IPv6) could bypass private‑IP checks and enable SSRF-like behavior when processing attacker‑supplied URLs. What’s affected: Symfony f...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-48736 Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATESUBNETS omitted IPv6 transition prefixes such as 6to4, NAT64, Teredo, and IPv4-compatible IPv6, allowi...

6.9CVSS0.0046EPSS
Exploits0References6
OSV
OSV
added last week3 views

CVE-2026-49213 TypeBot: SSRF protection bypass via IPv6 unspecified address in Typebot HTTP request execution

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 8:44 p.m.35 views

CVE-2026-54353 Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS0.00202EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 7:39 p.m.34 views

CVE-2026-46348

CVE-2026-46348 affects Mastodon servers prior to 4.5.10, 4.4.17, and 4.3.23. The issue stems from the disallowed IP range list lacking an IPv6 unspecified address (::), allowing an attacker to induce HTTP requests to loopback interfaces and potentially access private resources and services. Impac...

8.7CVSS5.9AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 6:16 p.m.3 views

CVE-2026-53754 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

7.5CVSS6AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:16 p.m.8 views

GHSA-W4MC-HHC6-XP28 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms

Summary The remediation shipped in mailpit v1.29.2 for GHSA-mpf7-p9x7-96r3 CVE-2026-27808 is incomplete. The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT...

5.8CVSS6AI score0.00282EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 10:49 p.m.35 views

CVE-2026-48782

CVE-2026-48782 affects Pydantic AI (versions 1.56.0–1.101.0, 2.0.0b1, 2.0.0b2) where the cloud-metadata blocklist can be bypassed by IPv6 transition forms that previous fixes did not decode. The IPv6 forms bypassing the blocklist can expose cloud IAM short-term credentials when an app uses force_...

6.8CVSS5.3AI score0.00332EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 2:31 p.m.34 views

CVE-2026-47684 Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...

7.7CVSS0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS5.5AI score0.003EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.12 views

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

8.1CVSS6AI score0.00764EPSS
Exploits1References24
CVE
CVE
added 2026/05/29 3:11 p.m.33 views

CVE-2026-35673

OpenClaw prior to 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes. Attackers with access to these routes can reuse already-open blocked tabs to bypass private-network SSRF policies and export or inspect content that should remain protected. Affected softw...

6.5CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.15 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 7:16 p.m.15 views

CVE-2026-43979

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

5CVSS0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 5:58 p.m.39 views

CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

5CVSS0.00247EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.12 views

Debian dsa-6301 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected]...

8.1CVSS5.7AI score0.00764EPSS
Exploits1References19
Debian
Debian
added 2026/05/27 9:1 p.m.72 views

[SECURITY] [DSA 6301-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...

8.1CVSS5.9AI score0.00764EPSS
Exploits1
CVE
CVE
added 2026/05/27 5:10 p.m.21 views

CVE-2026-45715

Budibase (open-source low-code platform) is affected by CVE-2026-45715 via the REST datasource integration. The vulnerable component is the REST datasource code at packages/server/src/integrations/rest.ts, where redirects are followed without re-checking the IP blacklist, allowing an authenticate...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 8:22 p.m.36 views

CVE-2026-42336 MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS0.00187EPSS
Exploits0References1
Rows per page
Query Builder