10754 matches found

ATTACKERKB
added 2026/04/01 4:17 p.m., 2 views

CVE-2026-33990

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

CVSS 6.8, AI score 5.9, EPSS 0.00253
Exploits: 0, References: 2, Affected software: 1
EUVD
added 2026/04/01 4:17 p.m., 2 views

EUVD-2026-17963

Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

CVSS 6.8, AI score 5.9, EPSS 0.00253
Exploits: 0, References: 1
Hacker One
added 2026/04/01 4:00 p.m., 13 views

arkadiyt-projects: Authorization header leak in ssrf_filter via cross-host redirect leads to credential theft and unauthorized access

A vulnerability was discovered in the ssrf_filter library. The vulnerability allowed an attacker-controlled redirect target to receive credentials that were intended only for the original request origin. This was possible because ssrf_filter followed redirects by rebuilding each redirected request...

AI score 5.8
Exploits: 0
ATTACKERKB
added 2026/04/01 10:03 a.m., 2 views

CVE-2026-0932

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

CVSS 6.9, AI score 6, EPSS 0.00195
Exploits: 0, References: 3
CNNVD
added 2026/04/01 12:00 a.m., 4 views

Docker Model Runner code issue vulnerability

Docker Model Runner is an open-source Docker model runner developed by Docker. Versions of Docker Model Runner prior to 1.1.25 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery attack during the OCI registry token exchange process. When pulling...

CVSS 9.1, AI score 6, EPSS 0.00253
Exploits: 0, References: 1
Github Security Blog
added 2026/03/31 11:58 p.m., 10 views

OpenClaw SSRF guard misses four IPv6 special-use ranges

Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...

AI score 5.9
Exploits: 0, References: 3, Affected software: 1
Github Security Blog
added 2026/03/31 10:53 p.m., 9 views

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Technical Description The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the buildurl method. When an OpenAPI...

CVSS 10, AI score 6, EPSS 0.00988
Exploits: 1, References: 6, Affected software: 1
OSV
added 2026/03/31 10:53 p.m., 6 views

GHSA-VV7Q-7JX5-F767 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Technical Description The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the buildurl method. When an OpenAPI...

CVSS 10, AI score 6, EPSS 0.00988
Exploits: 1, References: 6
Vulnrichment
added 2026/03/31 9:28 p.m., 0 views

CVE-2026-34443 FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

CVSS 6.9, AI score 5.8, EPSS 0.00277
Exploits: 1, References: 3
CVE
added 2026/03/31 9:28 p.m., 9 views

CVE-2026-34443

FreeScout (Laravel) contains a flaw in checkIpByMask() in app/Misc/Helper.php prior to version 1.8.211: it only checks for a slash and returns false for plain IPs, bypassing CIDR evaluation. This leaves the 10.0.0.0/8 and 172.16.0.0/12 private ranges unprotected, enabling potential SSRF-like expo...

CVSS 6.9, AI score 5.8, EPSS 0.00277
Exploits: 1, References: 3, Affected software: 1
ATTACKERKB
added 2026/03/31 8:57 p.m., 3 views

CVE-2026-34740

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...

CVSS 6.5, AI score 6, EPSS 0.00323
Exploits: 1, References: 2, Affected software: 1
OSV
added 2026/03/31 8:57 p.m., 5 views

CVE-2026-34740 AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...

CVSS 6.5, AI score 6, EPSS 0.00323
Exploits: 1, References: 3
Vulnrichment
added 2026/03/31 5:41 p.m., 2 views

CVE-2026-33185 Discourse: Group SMTP test endpoint susceptible to SSRF

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...

CVSS 5.3, AI score 5.8, EPSS 0.0018
Exploits: 0, References: 2
Cvelist
added 2026/03/31 4:56 p.m., 21 views

CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...

CVSS 9.3, EPSS 0.00299
Exploits: 1, References: 1
OSV
added 2026/03/31 4:56 p.m., 5 views

CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...

CVSS 9.3, AI score 5.8, EPSS 0.00299
Exploits: 1, References: 3
NVD
added 2026/03/31 3:16 p.m., 2 views

CVE-2026-34163

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

CVSS 7.7, EPSS 0.00283
Exploits: 1, References: 4
Cvelist
added 2026/03/31 1:43 p.m., 24 views

CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

CVSS 10, EPSS 0.00416
Exploits: 1, References: 4
Github Security Blog
added 2026/03/31 6:31 a.m., 11 views

OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions >= 30.0.0 and < 30.1.1, and == 31.0.0, are affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

CVSS 7.1, AI score 5.9, EPSS 0.00258
Exploits: 1, References: 4, Affected software: 1
CVE
added 2026/03/31 6:00 a.m., 12 views

CVE-2026-3881

The Vulnerability: WordPress Performance Monitor plugin versions

CVSS 5.8, AI score 5.9, EPSS 0.00259
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/31 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user...

CVSS 7.1, AI score 5.8, EPSS 0.00258
Exploits: 1, References: 2