Lucene search
K

10754 matches found

RedhatCVE
RedhatCVE
added 2026/03/30 10:52 p.m.3 views

CVE-2026-0560

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The downloadimagetotemp function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTT...

7.5CVSS7.4AI score0.01765EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 6:0 p.m.3 views

CVE-2026-5126

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...

6.5CVSS5.5AI score0.00267EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/30 5:24 p.m.4 views

GHSA-VR79-8M62-WH98 FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

Summary The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication...

9.3CVSS5.9AI score0.00299EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/30 5:8 p.m.9 views

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...

9.1CVSS6AI score0.00253EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/29 5:51 p.m.18 views

CVE-2026-0560 Server-Side Request Forgery (SSRF) in parisneo/lollms

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The downloadimagetotemp function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTT...

7.5CVSS0.01765EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/03/28 3:26 p.m.17 views

arkadiyt-projects: SSRF Filter Bypass via Unblocked NAT64 Local-Use IPv6 Prefix (64:ff9b:1::/48)

A vulnerability was discovered in the ssrffilter library version 1.3.0. The library failed to block the NAT64 local-use IPv6 prefix 64:ff9b:1::/48, allowing such addresses to be treated as public. This enabled SSRF requests through /fetch to targets encoded under that prefix when routable in the...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.5 views

CVE-2026-33693

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

6.5CVSS6AI score0.00389EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.3 views

CVE-2026-33644

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

4.3CVSS5.8AI score0.00217EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 9:22 p.m.15 views

CVE-2026-33953

CVE-2026-33953 (LinkAce) : The SSRF protection in LinkAce can be bypassed via internal hostname resolution. In versions prior to 2.5.3, direct requests to private IP literals are blocked, but server-side requests to internal resources can still be triggered when those resources are referenced thr...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/27 7:23 p.m.12 views

CVE-2026-31945

LibreChat (versions 0.8.2-rc2 to 0.8.2) is vulnerable to SSRF via DNS resolution in agent actions or MCP. The issue arises because prior fixes only added hostname validation and do not verify whether DNS results map to private IPs, allowing access to internal resources (e.g., internal RAG API or ...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/27 7:23 p.m.2 views

EUVD-2026-16765

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 7:21 p.m.2 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/27 7:21 p.m.19 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS0.00213EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:21 p.m.3 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/27 7:21 p.m.6 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References3
NVD
NVD
added 2026/03/27 3:16 p.m.4 views

CVE-2026-33766

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

6.5CVSS0.00233EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 2:31 p.m.27 views

CVE-2026-33766 AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

5.3CVSS0.00233EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/27 2:31 p.m.12 views

EUVD-2026-16652

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

5.3CVSS5.9AI score0.00233EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.9 views

CVE-2021-27670

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter...

9.8CVSS7AI score0.61274EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 6:31 a.m.3 views

GHSA-MHRG-94VW-45C5 Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References6
Rows per page
Query Builder