141 matches found
EUVD-2026-42106
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...
PT-2026-56268
Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...
GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...
CVE-2026-57535
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...
EUVD-2026-32915
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes...
Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718
Summary IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and...
CVE-2026-50131
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...
PT-2026-48548
Name of the Vulnerable Software and Affected Versions Fedify versions 0.11.2 through 1.9.11 Fedify versions 0.11.2 through 1.10.10 Fedify versions 0.11.2 through 2.0.18 Fedify versions 0.11.2 through 2.1.14 Fedify versions 0.11.2 through 2.2.3 Description Fedify is a TypeScript library for buildi...
Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0
Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...
PT-2026-45022
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM allows the exclusion of public network builtins from the wildcard builtin option, which blocks direct access to modules such as 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', and...
PYSEC-0000-CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (2025-62718)
Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios i...
CVE-2026-48522 PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
CVE-2026-48522 PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
CVE-2026-45717 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.
Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...
EUVD-2026-31718
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...