OSV
added 2026/03/11 7:53 p.m., 4 views

CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

CVSS 9.3, AI score 5.9, EPSS 0.00273
Exploits 1, References 4
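The Plunk entry above turns on one detail of the SNS HTTP subscription flow: SNS delivers a SubscriptionConfirmation message whose SubscribeURL the endpoint must GET to complete the subscription, and a handler that fetches whatever that field contains is an SSRF primitive. The following Python is an added example written for this listing, not Plunk's code; it shows the host check an SNS webhook needs before it follows SubscribeURL (or downloads SigningCertURL for signature verification). The messages, topic ARN and certificate URL are constructed for the example, and the GET is an injected callable so it runs offline.

```python
"""SNS SubscriptionConfirmation handling without following arbitrary URLs.

Added example, not Plunk's code. SNS only issues
https://sns.<region>.amazonaws.com/... values for SubscribeURL and
SigningCertURL, so anything else in those fields is attacker-supplied.
"""
import json
import re
from typing import Callable
from urllib.parse import urlsplit

# Assumption: only the commercial AWS partition is in scope; add the
# amazonaws.com.cn form if you subscribe there.
SNS_HOST_RE = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com$")


def is_trusted_sns_url(url: str) -> bool:
    """True only for https://sns.<region>.amazonaws.com[:443]/... URLs."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # 'https://sns.us-east-1.amazonaws.com@10.0.0.1/' parses with the real
    # SNS name as userinfo and 10.0.0.1 as host; refuse userinfo outright.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    return bool(SNS_HOST_RE.match(parts.hostname or ""))


def handle_sns_message(raw_body: bytes, fetch: Callable[[str], None]) -> str:
    """Dispatch one SNS HTTP message. `fetch` performs the confirmation GET
    and is injected so the example runs offline."""
    try:
        msg = json.loads(raw_body)
    except ValueError:
        return "rejected: body is not JSON"
    # Every SNS message carries SigningCertURL; a real handler downloads that
    # certificate to verify Signature, so it needs the same host check before
    # any signature work starts.
    if not is_trusted_sns_url(msg.get("SigningCertURL", "")):
        return "rejected: SigningCertURL is not an SNS endpoint"
    msg_type = msg.get("Type")
    if msg_type == "SubscriptionConfirmation":
        subscribe_url = msg.get("SubscribeURL", "")
        if not is_trusted_sns_url(subscribe_url):
            return "rejected: SubscribeURL is not an SNS endpoint"
        fetch(subscribe_url)
        return "confirmed"
    if msg_type == "Notification":
        return "notification"        # hand msg["Message"] to the SES event logic
    return f"ignored: unknown Type {msg_type!r}"


# Constructed messages: a genuine-looking confirmation and a forged one.
SNS_CERT = "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-0000.pem"
GENUINE = json.dumps({
    "Type": "SubscriptionConfirmation",
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription"
                    "&TopicArn=arn:aws:sns:us-east-1:123456789012:ses-events&Token=abc",
    "SigningCertURL": SNS_CERT,
}).encode()
FORGED = json.dumps({
    "Type": "SubscriptionConfirmation",
    "SubscribeURL": "http://169.254.169.254/latest/meta-data/",
    "SigningCertURL": SNS_CERT,
}).encode()


def demo() -> tuple[list[str], list[str]]:
    """Run both messages through the handler; return outcomes and URLs fetched."""
    fetched: list[str] = []
    outcomes = [handle_sns_message(GENUINE, fetched.append),
                handle_sns_message(FORGED, fetched.append)]
    return outcomes, fetched
```

The host check is an allowlist on purpose: the set of URLs SNS can legitimately hand out is small and known, so there is no reason to fall back on a denylist of private ranges here. A complete handler also verifies the message Signature against the certificate at SigningCertURL; that step is omitted above.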
Vulnrichment
added 2026/03/11 7:39 p.m., 1 view

CVE-2026-31974 Blind SSRF on OpenProject instance via webhooks

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, the OpenProject SMTP test endpoint POST /admin/settings/mail_notifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

CVSS 3, AI score 5.9, EPSS 0.00156
Exploits 0, References 1
CVE
added 2026/03/11 7:39 p.m., 17 views

CVE-2026-31974

OpenProject prior to 17.2.0 is affected by an SSRF vulnerability via the SMTP test endpoint (POST /admin/settings/mail_notifications) and via webhooks, where arbitrary host/port values produce timing and error differences that let an attacker map internal hosts and reachable services/ports. Root cause: improper han...

CVSS 4.3, AI score 5.9, EPSS 0.00156
Exploits 0, References 1, Affected Software 1
OSV
added 2026/03/11 7:30 p.m., 6 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple Mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

CVSS 5.3, AI score 5.9, EPSS 0.00097
Exploits 0, References 3
Positive Technologies
added 2026/03/11 12:00 a.m., 7 views

PT-2026-24557

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVSS 5.5, AI score 5.8, EPSS 0.00232
Exploits 0, References 2
OSV
added 2026/03/10 7:17 p.m., 4 views

CVE-2026-26801

A Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6, which introduces the setUrlAccessPolicy method allowing server operato...

CVSS 7.5, AI score 5.9, EPSS 0.00481
Exploits 2, References 5
EUVD
added 2026/03/10 6:48 p.m., 3 views

EUVD-2026-10788

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers...

CVSS 8.2, AI score 5.8, EPSS 0.13589
Exploits 1, References 2
CVE
added 2026/03/10 6:46 p.m., 89 views

CVE-2026-27826

CVE-2026-27826: MCP Atlassian SSRF (pre-0.17.0). Affected: MCP Atlassian server (Confluence/Jira) prior to version 0.17.0. Root cause: the HTTP middleware and dependency-injection layer improperly validate per-request headers, enabling an unauthenticated attacker to direct outbound requests to attacke...

CVSS 8.2, AI score 5.9, EPSS 0.13589
Exploits 1, References 2, Affected Software 1
OSV
added 2026/03/10 6:46 p.m., 4 views

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol (MCP) server for the Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVSS 8.2, AI score 6, EPSS 0.13589
Exploits 1, References 4
OSV
added 2026/03/10 6:18 p.m., 4 views

CVE-2026-26121

Server-Side Request Forgery (SSRF) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

CVSS 7.5, AI score 5.8, EPSS 0.01046
Exploits 0, References 1
Vulnrichment
added 2026/03/10 12:17 a.m., 3 views

CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

SAP NetWeaver Application Server for ABAP provides an ABAP report for testing purposes that allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with...

CVSS 6.4, AI score 5.9, EPSS 0.00163
Exploits 0, References 2
ATTACKERKB
added 2026/03/09 9:01 p.m., 3 views

CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779, added in 0.15.1, can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

CVSS 7.1, AI score 5.8, EPSS 0.00528
Exploits 2, References 5, Affected Software 1
OSV
added 2026/03/09 7:55 p.m., 3 views

GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass

Summary: The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...

CVSS 5.4, AI score 5.9, EPSS 0.00485
Exploits 1, References 6
RedhatCVE
added 2026/03/09 8:02 a.m., 4 views

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3, AI score 5.7, EPSS 0.00331
Exploits 1, References 1
RedhatCVE
added 2026/03/09 8:02 a.m., 3 views

CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 7.5, AI score 5.7, EPSS 0.00388
Exploits 1, References 1
Positive Technologies
added 2026/03/09 12:00 a.m., 6 views

PT-2026-24113

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779, added in 0.15.1, can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

CVSS 7.1, AI score 6.3, EPSS 0.00528
Exploits 2, References 5
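The vLLM, Wallos and WeKnora entries above describe three distinct ways an outbound-URL check fails: the validator and the HTTP client parse the URL differently, private and reserved ranges are never checked against the address the connection actually uses, and a redirect is followed without re-checking its target. The following Python is an added example written for this listing, not code from any of those projects; it shows one guard that closes all three gaps by parsing once, pinning the resolved address, and re-validating every redirect hop. DNS and HTTP are injected callables backed by constructed fixtures (the hostnames and responses are made up for the example), so it runs offline.

```python
"""Outbound-URL guard for "fetch this URL" features (added example, not code
from vLLM, Wallos or WeKnora). One guard covers the three failure modes those
entries describe: the validator and the HTTP client parsing the URL
differently, no private-range check on the resolved address, and redirects
followed without re-checking the target. DNS and HTTP are injected callables
backed by constructed fixtures so it runs offline."""
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urljoin, urlsplit, urlunsplit

Resolver = Callable[[str], Iterable[str]]               # hostname -> IP strings
Getter = Callable[[str, str], tuple[int, dict, bytes]]  # (url, ip) -> (status, headers, body)
REDIRECTS = {301, 302, 303, 307, 308}


class UnsafeURL(ValueError):
    pass


def canonical_url(url: str) -> tuple[str, str]:
    """Parse once, reject ambiguous forms, return (canonical_url, hostname)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("userinfo in URL")       # http://good.example@10.0.0.1/
    host = parts.hostname                        # lower-cased, IPv6 brackets stripped
    if not host:
        raise UnsafeURL("empty host")
    try:
        port = parts.port                        # ValueError on http://h:abc/
    except ValueError as exc:
        raise UnsafeURL("bad port") from exc
    hostport = f"[{host}]" if ":" in host else host
    if port not in (None, 443 if parts.scheme == "https" else 80):
        hostport += f":{port}"
    # Rebuilt from the parsed pieces: the client is handed exactly the host
    # that is about to be checked, never the raw input.
    return urlunsplit((parts.scheme, hostport, parts.path or "/", parts.query, "")), host


def pin_public_address(host: str, resolve: Resolver) -> str:
    """Resolve host, require every answer to be globally routable, and return
    the one address the connection must use, so check and connect agree."""
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        # Not a canonical literal. Shorthands such as 127.1 or 0x7f000001 are
        # accepted by the C resolver, so whatever it returns is checked too.
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise UnsafeURL(f"{host} does not resolve")
    for addr in addrs:
        mapped = getattr(addr, "ipv4_mapped", None)      # ::ffff:127.0.0.1
        # is_global is False for loopback, link-local (incl. 169.254.169.254),
        # RFC 1918, ULA, unspecified and the other reserved ranges.
        if not addr.is_global or (mapped is not None and not mapped.is_global):
            raise UnsafeURL(f"{host} resolves to non-public {addr}")
    return str(addrs[0])


def safe_get(url: str, resolve: Resolver, get: Getter, max_hops: int = 3) -> tuple[int, bytes]:
    """GET url, validating the initial URL and every redirect target alike."""
    for _ in range(max_hops + 1):
        canon, host = canonical_url(url)
        ip = pin_public_address(host, resolve)
        status, headers, body = get(canon, ip)
        if status not in REDIRECTS:
            return status, body
        location = headers.get("Location")
        if not location:
            raise UnsafeURL("redirect without Location")
        # Relative and protocol-relative Locations resolve against the
        # canonical URL; the result goes through the same checks next hop.
        url = urljoin(canon, location)
    raise UnsafeURL("too many redirects")


# Constructed fixtures standing in for DNS and the network.
FAKE_DNS = {
    "files.example": ["93.184.216.34"],
    "short.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],    # one public, one private answer
}
FAKE_HTTP = {
    "https://files.example/report.pdf": (200, {}, b"%PDF-1.7 constructed"),
    "https://short.example/r": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def fake_get(url: str, pinned_ip: str) -> tuple[int, dict, bytes]:
    return FAKE_HTTP.get(url, (404, {}, b""))       # a real client would connect to pinned_ip


def fetch_or_reason(url: str) -> str:
    """Run safe_get against the fixtures and describe the outcome."""
    try:
        status, _body = safe_get(url, fake_resolve, fake_get)
        return f"ok {status}"
    except UnsafeURL as exc:
        return f"blocked: {exc}"
```

In production, `fake_resolve` becomes a wrapper over `socket.getaddrinfo`, and `fake_get` a client whose own redirect following is switched off (`allow_redirects=False` in requests, `follow_redirects=False` in httpx) and which connects to the pinned IP while still sending the original hostname as Host and SNI; otherwise a second DNS lookup inside the client can return a different address than the one that passed the check. Where the target base URL is supposed to come from configuration, as with the per-request headers in the MCP Atlassian entries, an allowlist of the configured instances is the stronger control and this denylist is only a backstop.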
CVE
added 2026/03/07 4:34 p.m., 18 views

CVE-2026-30858

Technical details for CVE-2026-30858 are not provided in the connected documents. The available sources describe the issue and patch timing but do not specify affected products/versions or exploit details. Monitor for updates.

CVSS 7.5, AI score 5.7, EPSS 0.00355
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/03/07 3:57 p.m., 3 views

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.7, EPSS 0.00328
Exploits 1, References 3
ATTACKERKB
added 2026/03/07 5:54 a.m., 6 views

CVE-2026-27797

Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as an internal network access primitive, e.g., reaching...

CVSS 5.3, AI score 5.8, EPSS 0.0043
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/03/07 5:29 a.m., 26 views

CVE-2026-30839 Wallos: SSRF via webhook test endpoint

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...

CVSS 5.3, EPSS 0.00331
Exploits 1, References 3