
1993 matches found

Nuclei
added yesterday, 24 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

CVSS 10, AI score 7.3, EPSS 0.39137
Exploits: 2, References: 5
RedHat Linux
added yesterday, 6 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.6, AI score 7, EPSS 0.0217
Exploits: 1, References: 10
IBM Security Bulletins
added 5 days ago, 3 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)

Summary: Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2025-62718. DESCRIPTION: Axios is a promise based HTTP client for the browser an...

CVSS 9.9, AI score 6.6, EPSS 0.01815
Exploits: 6, Affected Software: 1
Cvelist
added 5 days ago, 33 views

CVE-2026-28385 SSRF via image import from URL allows internal network probing by authenticated users

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

CVSS 5, EPSS 0.00172
Exploits: 0, References: 2
OSV
added 6 days ago, 2 views

SUSE-SU-2026:2627-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery (bsc#1266798). - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are...

CVSS 7.4, AI score 5.8, EPSS 0.00379
Exploits: 4, References: 9
Positive Technologies
added 6 days ago, 6 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified). Description: An authentication bypass exists in Gitea Docker images due to the REVERSE_PROXY_TRUSTED_PROXIES variable defaulting to . When reverse-proxy authentication is enabled, this configuration allows...

AI score 5.8
Exploits: 1, References: 4
CVE
added last week, 13 views

CVE-2026-55454

Appsmith (prior to 2.1) exposes the bundled Caddy admin API without authentication inside the container, bound to 0.0.0.0:2019. Although not exposed to the host via docker-compose, it is reachable from the Appsmith server process and can be targeted via SSRF to issue admin-API calls (e.g., POST /...

CVSS 9.9, AI score 5.9, EPSS 0.00328
Exploits: 1, References: 1, Affected Software: 1
The Hacker News
added 2026/06/24 6:50 a.m., 10 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improp...

CVSS 8.6, AI score 6.4, EPSS 0.41694
Exploits: 3
NVD
added 2026/06/23 6:18 p.m., 8 views

CVE-2026-54018

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validate_url function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only...

CVSS 7.7, EPSS 0.00287
Exploits: 1, References: 1
EUVD
added 2026/06/23 6:15 p.m., 6 views

EUVD-2026-38567

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

CVSS 8.6, AI score 5.9, EPSS 0.00289
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/06/23 4:09 p.m., 3 views

Security Bulletin: SSRF via HTTP Redirect Following in Langflow API Request Component

Summary: Langflow OSS contains an SSRF vulnerability in the API Request component allowing authenticated flow authors to read localhost/private HTTP services via redirect following. APIRequestComponent.make_api_request validates only the initial URL with validate_and_resolve_url and pins DNS for the initial hostname,...

CVSS 8.5, AI score 5.9
Exploits: 0, Affected Software: 1
NVD
added 2026/06/22 6:16 p.m., 10 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how...

CVSS 8.8, EPSS 0.0021
Exploits: 0, References: 5
Debian CVE
added 2026/06/22 3:39 p.m., 5 views

CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

CVSS 8.8, AI score 6.1, EPSS 0.00279
Exploits: 0
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in libuv1

libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...

CVSS 7.3, AI score 6.8, EPSS 0.02003
Exploits: 1, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in unoconv

The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...

CVSS 7.5, AI score 7.1, EPSS 0.01927
Exploits: 1, References: 2
Cvelist
added 2026/06/17 5:50 p.m., 15 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account's...

CVSS 7.5, EPSS 0.00368
Exploits: 0, References: 4
OSV
added 2026/06/16 9:02 p.m., 5 views

GHSA-6QHC-X826-342C Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Summary: The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while usin...

CVSS 8.6, AI score 5.5, EPSS 0.00289
Exploits: 0, References: 2
Github Security Blog
added 2026/06/16 2:38 p.m., 8 views

Astro: Host header SSRF in prerendered error page fetch

Summary: Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header i...

CVSS 7.5, AI score 5.6, EPSS 0.00196
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/06/12 6:27 p.m., 7 views

GHSA-CV96-5348-P5P8 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF

Summary: The VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost,...

CVSS 5.3, AI score 5.6, EPSS 0.00226
Exploits: 0, References: 3
Github Security Blog
added 2026/06/12 3:08 p.m., 13 views

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary: The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts (line 59) uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call (automation steps, plugin downloads,...

CVSS 7.7, AI score 5.5, EPSS 0.00217
Exploits: 0, References: 3, Affected Software: 1