Lucene search
K

10756 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

7.4CVSS5.8AI score0.00206EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/19 8:20 p.m.5 views

CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

7.2CVSS5.8AI score0.0028EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 1:44 p.m.18 views

CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

5.3CVSS0.12916EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/19 1:44 p.m.4 views

CVE-2025-71258 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...

5.3CVSS6.2AI score0.1743EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/19 12:43 p.m.10 views

AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation

Summary The Scheduler plugin's run function in plugin/Scheduler/Scheduler.php calls urlgetcontents with an admin-configurable callbackURL that is validated only by isValidURL URL format check. Unlike other AVideo endpoints that were recently patched for SSRF GHSA-9x67-f2v7-63rw,...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References5Affected Software1
Redos
Redos
added 2026/03/19 12:0 a.m.2 views

ROS-20260319-73-0032

Vulnerability in glpi related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...

9.1CVSS5.9AI score0.00317EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/18 11:11 p.m.4 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.6 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/18 11:29 a.m.9 views

OPENSUSE-SU-2026:20386-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

7.5CVSS6.8AI score0.0053EPSS
Exploits4References18
OSV
OSV
added 2026/03/18 11:27 a.m.3 views

SUSE-SU-2026:20904-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

7.5CVSS6.1AI score0.0053EPSS
Exploits4References19
OSV
OSV
added 2026/03/18 2:16 a.m.3 views

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

7.6CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/03/18 1:34 a.m.3 views

EUVD-2026-12728

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

6.4CVSS5.8AI score0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.4 views

CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

7.6CVSS5.8AI score0.00221EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/03/18 12:0 a.m.18 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/17 8:33 p.m.9 views

AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...

8.6CVSS5.9AI score0.00453EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25997

Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...

8.6CVSS6AI score0.00453EPSS
Exploits1References9
NVD
NVD
added 2026/03/16 3:16 p.m.3 views

CVE-2026-2455

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 3:16 p.m.4 views

CVE-2026-2455

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 2:53 p.m.3 views

CVE-2026-2455 SSRF bypass via IPv4-mapped IPv6 literals

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 9:2 a.m.3 views

CVE-2026-4231

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function updatesql/runsql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder