10756 matches found

Positive Technologies
added 2026/03/16 12:0 a.m. | 4 views

PT-2026-25758

Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00165
Exploits: 0 | References: 9
Tenable Nessus
added 2026/03/15 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-urllib3 (UTSA-2026-006150)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006150 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.004
Exploits: 1 | References: 4
CVE
added 2026/03/12 9:19 p.m. | 40 views

CVE-2026-32301

CVE-2026-32301 affects Centrifugo up to 6.6.x. An unauthenticated attacker can cause SSRF by crafting a JWT whose iss or aud claims interpolate into a dynamic JWKS endpoint URL before token verification, triggering Centrifugo to make a request to an attacker‑controlled destination. The dynamic JW...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.00258
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/12 9:19 p.m. | 2 views

CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.00258
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/12 6:37 p.m. | 24 views

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

CVSS: 6.3 | EPSS: 0.00292
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/12 6:37 p.m. | 2 views

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 2
OSV
added 2026/03/12 6:37 p.m. | 6 views

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 4
CVE
added 2026/03/12 5:0 p.m. | 22 views

CVE-2026-21887

OpenCTI platform (data ingestion feature) is vulnerable prior to 6.8.16 due to accepting user-supplied URLs without validation and using Axios with allowAbsoluteUrls: true, enabling semi-blind SSRF to internal endpoints. Impact reported as HIGH (CVSS 3.1: 7.7) with network attack vector and low p...

CVSS: 7.7 | AI score: 5.8 | EPSS: 0.00212
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2026/03/12 2:23 p.m. | 9 views

SiYuan has a Full-Read SSRF via /api/network/forwardProxy

Summary: The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and headers. There is no URL validation to prevent requests to...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00278
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/11 9:45 p.m. | 2 views

CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00505
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/11 9:32 p.m. | 2 views

CVE-2026-3958

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00201
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/11 7:53 p.m. | 25 views

CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

CVSS: 9.3 | EPSS: 0.00273
Exploits: 1 | References: 2
OSV
added 2026/03/11 7:53 p.m. | 3 views

CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00273
Exploits: 1 | References: 4
Vulnrichment
added 2026/03/11 7:39 p.m. | 1 views

CVE-2026-31974 Blind SSRF on OpenProject instance via webhooks

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mail_notifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

CVSS: 3 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 1
CVE
added 2026/03/11 7:39 p.m. | 17 views

CVE-2026-31974

OpenProject prior to 17.2.0 is affected by an SSRF vulnerability via the SMTP test endpoint (POST /admin/settings/mail_notifications) and via webhooks, where arbitrary host/port values enable timing and error differences to map internal hosts and reachable services/ports. Root cause: improper han...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/03/11 7:30 p.m. | 5 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00097
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/11 12:0 a.m. | 7 views

PT-2026-24557

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00232
Exploits: 0 | References: 2
OSV
added 2026/03/10 7:17 p.m. | 3 views

CVE-2026-26801

Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00481
Exploits: 2 | References: 5
EUVD
added 2026/03/10 6:48 p.m. | 3 views

EUVD-2026-10788

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.13589
Exploits: 1 | References: 2
OSV
added 2026/03/10 6:46 p.m. | 4 views

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVSS: 8.2 | AI score: 6 | EPSS: 0.13589
Exploits: 1 | References: 4