10759 matches found
CVE-2026-39521 WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through = 4.3.1...
GHSA-CMCR-Q4JF-P6Q9 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...
PT-2026-31257
Name of the Vulnerable Software and Affected Versions Podigee versions through 1.4.0 Description A Server-Side Request Forgery SSRF vulnerability exists in Podigee. This allows for Server Side Request Forgery. Recommendations Update Podigee to a version later than 1.4.0...
VulnCheck KEV: CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
PYSEC-2026-60
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
CVE-2026-39370
WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-39370. The flaw resides in objects/aVideoEncoder.json.php which still accepts attacker-controlled downloadURL values with common media or archive extensions (e.g., .mp4, .mp3, .zip, .jpg, .png, .gif, .webm) that bypass SSRF validation....
CVE-2026-39361
OpenObserve (cloud-native observability platform)
CVE-2026-35037
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. Th...
CVE-2026-35516
LinkAce CVE-2026-35516 affects LinkAce prior to version 2.5.4. The issue arises because LinkRepository::update and CheckLinksCommand::checkLink do not validate private IPs, allowing an authenticated user to cause server-side requests to internal resources (e.g., AWS IMDSv1, cloud metadata, intern...
CVE-2026-35461 Papra has a Blind Server-Side Request Forgery (SSRF) via Webhook URL
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...
SUSE CVE-2026-33990
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
CVE-2026-35459
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery SSRF vulnerability. The fix for CVE-2026-33992 added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However,...
CVE-2026-35459
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery SSRF vulnerability. The fix for CVE-2026-33992 added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However,...
CVE-2026-35459 pyLoad has SSRF fix bypass via HTTP redirect
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery SSRF vulnerability. The fix for CVE-2026-33992 added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However,...
EUVD-2026-19360
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...
CVE-2026-32871
A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the buildurl method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences ../ to bypass the intended API prefix...
CVE-2026-5530
A flaw was found in Ollama. A remote attacker can exploit this vulnerability by manipulating the Model Pull API's server/download.go file. This can lead to Server-Side Request Forgery SSRF, allowing the attacker to force the server to make requests to arbitrary network locations. Mitigation To...
PT-2026-30515
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to...
Linux Distros Unpatched Vulnerability : CVE-2026-35540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF ...