Lucene search
K

10756 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27456

Name of the Vulnerable Software and Affected Versions LoLLMs WEBUI affected versions not specified Description LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery SSRF issue. An unauthenticated attacker can exploit this t...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27468

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validate webhook url for ssrf protection was added to the test notification endpoints but not to the...

7.7CVSS5.7AI score0.00282EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.5 views

macOS 14.x < 14.8.5 Multiple Vulnerabilities (126796)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.5. It is, therefore, affected by multiple vulnerabilities: - A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A...

9.3CVSS6.5AI score0.015EPSS
Exploits3References56
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.9 views

macOS 26.x < 26.4 Multiple Vulnerabilities (126794)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.4. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges. CVE-2026-20631 - When...

9.3CVSS6.8AI score0.015EPSS
Exploits6References84
NVD
NVD
added 2026/03/23 10:16 p.m.8 views

CVE-2026-32279

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and...

6.8CVSS0.00347EPSS
Exploits0References5
OSV
OSV
added 2026/03/23 2:8 p.m.2 views

CVE-2026-33480 AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching the...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/23 1:51 p.m.20 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS0.00431EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/23 12:30 p.m.3 views

EUVD-2026-14396

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 10:9 a.m.6 views

EEF-CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF

Summary XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages usin...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.3 views

PT-2026-26814

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl data' REST API endpoint. This makes it possible for...

7.2CVSS6AI score0.00374EPSS
Exploits0References5
OSV
OSV
added 2026/03/20 8:44 p.m.4 views

GHSA-P3GR-G84W-G8HH AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy

Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 7:57 p.m.2 views

CVE-2026-33126 Frigate has SSRF vulnerability in /ffprobe endpoint

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery SSRF attacks. An attacker can use the Frigate server t...

5CVSS5.9AI score0.00189EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 5:38 a.m.25 views

CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

8.6CVSS0.00453EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 4:8 a.m.5 views

EUVD-2026-13541

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 1:58 a.m.36 views

CVE-2026-32812 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only...

6.8CVSS0.00428EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.10 views

PT-2026-26767

Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References5
NVD
NVD
added 2026/03/19 10:16 p.m.3 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.8CVSS0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 10:16 p.m.7 views

CVE-2026-32037

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

6.5CVSS0.00172EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32019

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS0.00206EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:7 p.m.1 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.5CVSS5.8AI score0.0011EPSS
Exploits0References3
Rows per page
Query Builder