
10757 matches found

SUSE Linux
added 2026/02/20 2:27 p.m., 6 views

Security update for vexctl

This update for vexctl fixes the following issues: Update to version 0.4.1+git78.f951e3a: CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in...

CVSS 8.7, AI score 5.6, EPSS 0.03092
Exploits: 5, References: 36
RedhatCVE
added 2026/02/20 1:26 p.m., 7 views

CVE-2026-25385

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery. This issue affects URL Shortify: from n/a through = 1.12.3...

CVSS 5.5, AI score 5.5, EPSS 0.00237
Exploits: 0, References: 1
RedhatCVE
added 2026/02/20 7:22 a.m., 13 views

CVE-2026-2711

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVSS 6.3, AI score 4.8, EPSS 0.00354
Exploits: 0, References: 1
Vulnrichment
added 2026/02/19 10:49 p.m., 3 views

CVE-2026-26324 OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 (which is 127.0.0.1). This could allow requests that should be blocked loopback / private network / link-local metada...

CVSS 7.5, AI score 5.5, EPSS 0.00391
Exploits: 0, References: 3
CVE
added 2026/02/19 10:49 p.m., 17 views

CVE-2026-26324

OpenClaw has a SSRF protection bypass vulnerability (CVE-2026-26324). An attacker could trigger requests that should be blocked by SSRF guards by using full-form IPv4-mapped IPv6 literals (for example, 0:0:0:0:0:ffff:7f00:1), bypassing loopback/private network/link-local protections. Affected pro...

CVSS 7.5, AI score 5.5, EPSS 0.00391
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/02/19 3:30 p.m., 5 views

CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provided URLs in various places. This is mostly intentional and part of...

CVSS 6.9, AI score 5.7, EPSS 0.00189
Exploits: 0, References: 5
Vulnrichment
added 2026/02/19 3:21 p.m., 5 views

CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

CVSS 8.5, AI score 5.6, EPSS 0.00252
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/19 8:27 a.m., 4 views

CVE-2026-25385

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery. This issue affects URL Shortify: from n/a through = 1.12.3...

AI score 5.5, EPSS 0.00237
Exploits: 0, References: 2
OSV
added 2026/02/19 8:16 a.m., 1 views

CVE-2026-2711

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVSS 5.6, AI score 5.2, EPSS 0.00354
Exploits: 0, References: 6
CVE
added 2026/02/19 12:0 a.m., 10 views

CVE-2025-55853

SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...

CVSS 9.1, AI score 5.6, EPSS 0.00373
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 7 views

PT-2026-20845

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP before version 4.4.9 contains a Blind Server-Side Request Forgery (SSRF) issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing ...

CVSS 4.3, AI score 5.5
Exploits: 0, References: 6
CVE
added 2026/02/18 6:42 a.m., 16 views

CVE-2026-1857

The CVE-2026-1857 issue affects Kadence Blocks — Gutenberg Blocks with AI for WordPress (

CVSS 4.3, AI score 5.7, EPSS 0.00283
Exploits: 0, References: 4
Positive Technologies
added 2026/02/18 12:0 a.m., 4 views

PT-2026-20398

Name of the Vulnerable Software and Affected Versions: huggingface smolagents version 1.24.0. Description: A weakness exists in the LocalPythonExecutor component of the software. The functions requests.get and requests.post are affected, potentially leading to server-side request forgery. This issue...

CVSS 9.8, AI score 6.5, EPSS 0.00379
Exploits: 1, References: 9
Vulnrichment
added 2026/02/17 11:1 p.m., 2 views

CVE-2026-22048

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticated...

CVSS 7.1, AI score 5.5, EPSS 0.00271
Exploits: 0, References: 1
OSV
added 2026/02/17 9:42 p.m., 3 views

GHSA-JRVC-8FF5-2F9F OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

Summary: OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 (which is 127.0.0.1). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard. - Vulnerable component: SSRF...

CVSS 7.5, AI score 5.5, EPSS 0.00391
Exploits: 0, References: 5
Github Security Blog
added 2026/02/17 9:30 p.m., 8 views

OpenClaw affected by SSRF via attachment/media URL hydration

Summary: Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary https URLs during attachment/media hydration. An attacker who can influence the media URL (for example via model-controlled sendAttachment or auto-reply media URLs) could trigger SSRF to internal...

CVSS 8.6, AI score 6.6, EPSS 0.00397
Exploits: 1, References: 7, Affected Software: 1
Positive Technologies
added 2026/02/16 12:0 a.m., 6 views

PT-2026-8388

Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Enterprise versions through 7.10.5. Description: Rocket TRUfusion Enterprise through version 7.10.5 has a path traversal issue in the WsPortalV6UpDwAxis2Impl service, accessible via the API endpoint...

CVSS 9.9, AI score 6.2, EPSS 0.01027
Exploits: 1, References: 17
Redos
added 2026/02/16 12:0 a.m., 5 views

ROS-20260216-73-0013

Vulnerability in Kubernetes related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack...

CVSS 5.8, AI score 5.5, EPSS 0.00355
Exploits: 0
NVD
added 2026/02/13 7:17 p.m., 8 views

CVE-2026-25991

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte...

CVSS 7.7, EPSS 0.00283
Exploits: 1, References: 3
ATTACKERKB
added 2026/02/12 8:34 p.m., 3 views

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...

CVSS 5, AI score 5.6, EPSS 0.00233
Exploits: 1, References: 3