Lucene search
K

10757 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/02 2:26 p.m.3 views

CVE-2024-50337

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...

5.3CVSS5.8AI score0.00323EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/02 2:26 p.m.9 views

EUVD-2024-55456

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...

5.3CVSS5.8AI score0.00323EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/02 1:0 p.m.5 views

CVE-2026-3431 Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

9.8CVSS6AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 8:42 a.m.8 views

BIT-MASTODON-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...

8.2CVSS6AI score0.0027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.8 views

CVE-2026-27759

Featured Image from Content featured-image-from-content WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations ...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/03/01 1:30 a.m.4 views

GHSA-CWPP-325Q-2CVP Statamic Vulnerable to Server-Side Request Forgery via Glide

Impact When Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal...

6.8CVSS5.9AI score0.00378EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/28 2:0 p.m.4 views

CVE-2026-2252

An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...

7.5CVSS5.9AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.11 views

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

6.5CVSS6.4AI score0.00312EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/27 10:11 p.m.26 views

CVE-2026-28423 Statamic Vulnerable to Server-Side Request Forgery via Glide

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

6.8CVSS0.00378EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 10:11 p.m.6 views

CVE-2026-28423 Statamic Vulnerable to Server-Side Request Forgery via Glide

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

6.8CVSS5.9AI score0.00378EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/27 8:21 p.m.5 views

EUVD-2026-9066

Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS5.9AI score0.00755EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

7.2CVSS5.7AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/02/27 12:16 a.m.9 views

CVE-2026-3270

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

8.8CVSS0.00362EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22395

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description A flaw exists in the configuration functionality of Kiteworks, a private data network PDN, that allows bypassing of Server-Side Request Forgery SSRF protections through DNS rebinding attacks. A...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/26 3:13 a.m.5 views

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the inferSize option that fetches remote images at render time to determine their dimensions. An...

7.2CVSS6AI score0.00281EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/25 10:59 p.m.7 views

LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary A redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

7.4CVSS5.6AI score0.00371EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 10:57 p.m.7 views

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary An SSRF vulnerability CWE-918 exists in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains for example, 127.0.0.1.nip.io resolving to 127.0.0.1. This allows a...

8.6CVSS5.7AI score0.00339EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/25 6:30 p.m.4 views

GHSA-9FJ4-3849-RV9G OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Summary PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since kruise-daemon runs with hostNetwork=true, it executes probes from the node network namespace. An attacker with...

6AI score0.00285EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/25 5:30 p.m.26 views

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

4.1CVSS0.00206EPSS
Exploits0References7
Rows per page
Query Builder