
10764 matches found

EUVD, added 2026/03/27 7:23 p.m.

EUVD-2026-16765

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability...

CVSS 7.7 | AI score 5.9 | EPSS 0.00249
Exploits: 1 | References: 1

Vulnrichment, added 2026/03/27 7:21 p.m.

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00213
Exploits: 1 | References: 1

Cvelist, added 2026/03/27 7:21 p.m.

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

CVSS 8.5 | EPSS 0.00213
Exploits: 1 | References: 1

ATTACKERKB, added 2026/03/27 7:21 p.m.

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00213
Exploits: 1 | References: 2 | Affected software: 1

OSV, added 2026/03/27 7:21 p.m.

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00213
Exploits: 1 | References: 3

NVD, added 2026/03/27 3:16 p.m.

CVE-2026-33766

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but url_get_contents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

CVSS 6.5 | EPSS 0.00233
Exploits: 1 | References: 2

Cvelist, added 2026/03/27 2:31 p.m.

CVE-2026-33766 AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but url_get_contents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

CVSS 5.3 | EPSS 0.00233
Exploits: 1 | References: 2

EUVD, added 2026/03/27 2:31 p.m.

EUVD-2026-16652

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but url_get_contents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

CVSS 5.3 | AI score 5.9 | EPSS 0.00233
Exploits: 1 | References: 2

RedhatCVE, added 2026/03/27 2:24 p.m.

CVE-2021-27670

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter...

CVSS 9.8 | AI score 7 | EPSS 0.61274
Exploits: 1 | References: 1

OSV, added 2026/03/27 6:31 a.m.

GHSA-MHRG-94VW-45C5 Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

CVSS 8.6 | AI score 5.9 | EPSS 0.00353
Exploits: 0 | References: 6

NVD, added 2026/03/27 1:16 a.m.

CVE-2026-33693

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

CVSS 6.5 | EPSS 0.00359
Exploits: 2 | References: 3

ATTACKERKB, added 2026/03/27 12:03 a.m.

CVE-2026-33693

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00389
Exploits: 2 | References: 4 | Affected software: 1
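The LibreChat (CVE-2026-31943) and Lemmy (CVE-2026-33693) entries above describe the same class of mistake: a destination check that reasons about one textual spelling of an address instead of its numeric value, so `::ffff:7f00:1` (the hex spelling of `::ffff:127.0.0.1`) or `0.0.0.0` (which Linux treats as the local host when it is used as a connect() destination) slips past it. The Python below is an added example written for this page, not code from LibreChat, Lemmy or any of the advisories: `naive_is_private` is a constructed stand-in for a string-prefix check of the kind described, and the standard-library `ipaddress` module does the numeric classification in its place.

```python
import ipaddress
from typing import Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def naive_is_private(literal: str) -> bool:
    """Constructed stand-in for the string-based checks the advisories describe
    (not LibreChat's or Lemmy's actual code). It compares spellings, so it only
    catches the spellings it was written for: ::ffff:7f00:1 and 0.0.0.0 pass."""
    blocked_prefixes = ("127.", "10.", "192.168.", "169.254.", "::1", "::ffff:127.")
    return literal.startswith(blocked_prefixes)


def normalize_address(literal: str) -> Address:
    """Parse an IP literal and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    ipaddress works on the numeric value, so '::ffff:7f00:1' and
    '::ffff:127.0.0.1' both come back as IPv4Address('127.0.0.1'). Brackets
    around an IPv6 literal, as found in URLs, are stripped first.
    Raises ValueError for anything that is not a full IP literal; shorthand
    such as '127.1' (accepted by inet_aton-based HTTP clients) is rejected
    here, so callers must treat ValueError as "block", never as "allow".
    """
    ip = ipaddress.ip_address(literal.strip("[]"))
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_blocked_address(literal: str) -> bool:
    """True if an outbound request to this address must be refused.

    Everything that is not globally routable unicast is refused, including
    the unspecified address (0.0.0.0 / ::), which Linux treats as the local
    host when it is used as a connect() destination.
    """
    try:
        ip = normalize_address(literal)
    except ValueError:
        return True
    return (
        ip.is_unspecified    # 0.0.0.0 and ::  (the Lemmy gap)
        or ip.is_loopback    # 127.0.0.0/8 and ::1
        or ip.is_private     # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or ip.is_link_local  # 169.254/16 (cloud metadata) and fe80::/10
        or ip.is_multicast
        or ip.is_reserved
    )


if __name__ == "__main__":
    for candidate in ("::ffff:127.0.0.1", "::ffff:7f00:1", "0.0.0.0",
                      "93.184.216.34", "::ffff:93.184.216.34"):
        print(f"{candidate:>22}  naive={naive_is_private(candidate)!s:5} "
              f"blocked={is_blocked_address(candidate)}")
```

The table printed by the `__main__` block is the whole point: the naive check agrees with the numeric one on `::ffff:127.0.0.1` and disagrees on `::ffff:7f00:1` and `0.0.0.0`, while a mapped public address such as `::ffff:93.184.216.34` is correctly allowed once it is unwrapped rather than blocked wholesale for carrying the `::ffff:` prefix.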
CVE, added 2026/03/27 12:00 a.m.

CVE-2026-30637

CVE-2026-30637 is an SSRF vulnerability in OTCMS prior to V7.66, affecting the AnnounContent in /admin/read.php. The issue allows unauthenticated attackers to craft HTTP requests to internal or arbitrary remote URLs. The CVSS v3.1 base score is 7.5 (HIGH) with network access, low attack complexit...

CVSS 7.5 | AI score 6 | EPSS 0.00499
Exploits: 1 | References: 1 | Affected software: 1

Vulnrichment, added 2026/03/26 9:45 p.m.

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied...

CVSS 4.7 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 3

CVE, added 2026/03/26 9:45 p.m.

CVE-2026-33682

CVE-2026-33682 (Streamlit) affects Windows deployments of Streamlit Open Source up to version 1.53.x. The issue is an SSRF vulnerability caused by insufficient validation of attacker-controlled filesystem paths in component request handling (notably ComponentRequestHandler). On Windows, supplying...

CVSS 4.8 | AI score 5.9 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected software: 1

OSV, added 2026/03/26 8:33 p.m.

GO-2026-4852 Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api

Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 7.4 | AI score 5.9 | EPSS 0.00395
Exploits: 1 | References: 4

OSV, added 2026/03/26 8:33 p.m.

GO-2026-4825 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl in github.com/pinchtab/pinchtab

PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl in github.com/pinchtab/pinchtab...

CVSS 5.5 | AI score 5.9 | EPSS 0.00249
Exploits: 1 | References: 3

OSV, added 2026/03/26 8:32 p.m.

GO-2026-4702 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL in github.com/centrifugal/centrifugo

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL in github.com/centrifugal/centrifugo...

CVSS 9.3 | AI score 5.8 | EPSS 0.00258
Exploits: 1 | References: 2

ATTACKERKB, added 2026/03/26 8:04 p.m.

CVE-2026-33644

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (lines 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

CVSS 2.3 | AI score 5.8 | EPSS 0.00217
Exploits: 1 | References: 3 | Affected software: 1

EUVD, added 2026/03/26 8:04 p.m.

EUVD-2026-16374

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (lines 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

CVSS 2.3 | AI score 5.8 | EPSS 0.00217
Exploits: 1 | References: 2
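The AVideo (CVE-2026-33766) and Lychee (CVE-2026-33644) entries describe the other two places an SSRF filter is commonly defeated: validating the first URL but not the redirect targets the HTTP client then follows, and validating only IP-literal hosts, so that a hostname (which can be rebound between check and connect) is never examined at all. The Python below is an added example for this page, not AVideo's, Lychee's or any advisory's code: a fetch wrapper that resolves each hostname itself, checks every returned address, connects to the exact address it checked, and repeats the whole procedure for every redirect hop. The `resolve` and `transport` callables and their signatures are hypothetical, and every host name, address and response in the fixtures is constructed so the example runs offline.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5

@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

# Injected dependencies; the signatures are hypothetical, chosen for this example.
# resolve(hostname) -> IP literals the name currently points to.
# transport(ip, port, host_header, path, scheme) -> Response, connecting to
# exactly `ip` and sending `host_header` as the HTTP Host header.
Resolver = Callable[[str], List[str]]
Transport = Callable[[str, int, str, str, str], Response]

class SSRFBlocked(Exception):
    pass

def address_is_safe(literal: str) -> bool:
    """Classify numerically after unwrapping IPv4-mapped IPv6; only globally
    routable unicast passes, and anything unparseable is refused."""
    try:
        ip = ipaddress.ip_address(literal.strip("[]"))
    except ValueError:
        return False
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_unspecified or ip.is_loopback or ip.is_private
                or ip.is_link_local or ip.is_multicast or ip.is_reserved)

def resolve_and_pin(hostname: str, resolve: Resolver) -> str:
    """Resolve once, refuse if ANY record is unsafe, return the address to use.
    Checking only literal hosts (the Lychee gap) lets every name through, and
    checking a name but letting the HTTP client resolve it again is a
    rebinding race; connecting to the address that was checked closes both."""
    try:
        ipaddress.ip_address(hostname.strip("[]"))
        addrs = [hostname]                  # already a literal, nothing to resolve
    except ValueError:
        addrs = resolve(hostname)
    if not addrs:
        raise SSRFBlocked(f"{hostname}: no addresses")
    for a in addrs:                         # a rebinding name may mix records
        if not address_is_safe(a):
            raise SSRFBlocked(f"{a} (for {hostname}) is not a public address")
    return addrs[0]

def safe_fetch(url: str, resolve: Resolver, transport: Transport) -> Response:
    """Fetch url, re-running the scheme and host checks on every redirect hop
    (the AVideo gap: check the first URL, then follow Location unchecked)."""
    for _ in range(MAX_REDIRECTS + 1):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise SSRFBlocked(f"refusing {url!r}")
        port = parts.port or (443 if parts.scheme == "https" else 80)
        ip = resolve_and_pin(parts.hostname, resolve)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        resp = transport(ip, port, parts.hostname, path, parts.scheme)
        if resp.status in (301, 302, 303, 307, 308) and "Location" in resp.headers:
            url = urljoin(url, resp.headers["Location"])  # relative Location too
            continue
        return resp
    raise SSRFBlocked("too many redirects")

# Constructed fixtures so the example runs offline. None of these names or
# servers are real; the public IPs are only stand-ins for "not internal".
FAKE_DNS = {
    "cdn.example.test": ["93.184.216.34"],
    "moved.example.test": ["93.184.216.35"],
    "hop.attacker.test": ["9.9.9.9"],
    "rebind.attacker.test": ["1.1.1.1", "127.0.0.1"],  # public + internal record
}

def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])

def fake_transport(ip: str, port: int, host: str, path: str, scheme: str) -> Response:
    if host == "moved.example.test":   # benign redirect: must still be followed
        return Response(301, {"Location": "http://cdn.example.test" + path})
    if host == "hop.attacker.test":    # passes the first check, then points inward
        return Response(302, {"Location": "http://169.254.169.254/latest/meta-data/"})
    return Response(200, {}, f"served {host} via {ip}".encode())

def demo() -> Dict[str, object]:
    """Run five scenarios; returns the status code or the reason for the block."""
    out: Dict[str, object] = {}
    for url in ("http://cdn.example.test/a.jpg", "http://moved.example.test/a.jpg",
                "http://hop.attacker.test/a.jpg", "http://rebind.attacker.test/a.jpg",
                "http://[::ffff:7f00:1]/a.jpg"):
        try:
            out[url] = safe_fetch(url, fake_resolve, fake_transport).status
        except SSRFBlocked as e:
            out[url] = f"blocked: {e}"
    return out
```

Calling `demo()` returns 200 for both example.test URLs (the second after following a benign redirect), while the rebinding name, the redirect that lands on 169.254.169.254 and the bracketed IPv4-mapped literal all end in SSRFBlocked. In a real deployment the transport has to connect to the pinned IP while sending the validated hostname in the Host header (and as the TLS server name for https); handing the hostname back to a client that resolves it again reintroduces the race this code is meant to close.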