Lucene search
K

10757 matches found

NVD
NVD
added 2026/02/25 5:25 p.m.6 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1CVSS0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/25 4:47 p.m.24 views

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS0.00497EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:56 p.m.7 views

CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS5.6AI score0.00213EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/25 3:56 p.m.7 views

CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS5.7AI score0.00213EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/25 4:16 a.m.4 views

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

8.6CVSS5.5AI score0.00445EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.13 views

CVE-2026-27129

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS5.4AI score0.00427EPSS
Exploits2References1
OSV
OSV
added 2026/02/24 3:51 p.m.6 views

GHSA-V2GC-RM6G-WRW9 Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

The SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection...

7CVSS6.2AI score0.00421EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/24 1:33 p.m.6 views

CVE-2026-2985

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

6.5CVSS5.2AI score0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 2:45 a.m.2 views

CVE-2026-27129 Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS5.9AI score0.00421EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/24 2:45 a.m.5 views

EUVD-2026-7400

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS5.3AI score0.00427EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/02/24 2:45 a.m.20 views

CVE-2026-27129 Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS0.00421EPSS
Exploits1References3
OSV
OSV
added 2026/02/24 2:45 a.m.4 views

CVE-2026-27129 Cloud Metadata SSRF Protection Bypass via IPv6 Resolution

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

7.1CVSS5.5AI score0.00421EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:39 a.m.5 views

CVE-2026-27127

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...

7CVSS5.5AI score0.00446EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/02/24 2:39 a.m.13 views

CVE-2026-27127

CVE-2026-27127 affects Craft CMS (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22). It exploits a TOCTOU DNS rebinding flaw in the GraphQL Asset mutation where DNS resolution occurs separately from the HTTP request, bypassing prior fixes for CVE-2025-68437 and allowing access to blocked IPs. Expl...

7CVSS5.3AI score0.00446EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/23 10:16 p.m.4 views

GHSA-GP2F-7WCM-5FHX Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

Summary The SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to t...

7CVSS6.2AI score0.00446EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.13 views

PT-2026-21546

Name of the Vulnerable Software and Affected Versions Astro versions prior to 9.5.4 Description Astro, a web framework, is affected by a Server-Side Request Forgery SSRF issue in versions prior to 9.5.4. Server-Side Rendered pages returning an error with a prerendered custom error page such as...

8.6CVSS5.3AI score0.01414EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2026/02/22 1:25 p.m.5 views

CVE-2026-27488

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19...

7.3CVSS5.4AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/02/21 8:15 a.m.4 views

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/20 11:58 p.m.25 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

7.1CVSS0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 9:13 p.m.7 views

GHSA-W45G-5746-X9FP OpenClaw hardened cron webhook delivery against SSRF

Affected Packages / Versions - openclaw npm package versions = 2026.2.17. Vulnerability Cron webhook delivery in src/gateway/server-cron.ts used fetch directly, so webhook targets could reach private/metadata/internal endpoints without SSRF policy checks. Fix Commits - 99db4d13e - 35851cdaf Thank...

6.9CVSS5.5AI score0.00327EPSS
Exploits0References5
Rows per page
Query Builder