Lucene search
K

10760 matches found

NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2026-22358

Server-Side Request Forgery SSRF vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through = 5.6...

5.4CVSS0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.1 views

CVE-2025-64252

Server-Side Request Forgery SSRF vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through = 1.8.2...

4.9CVSS5.3AI score0.00194EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Oracle GoldenGate (January 2026 CPU)

The detected versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative...

8.7CVSS6.7AI score0.01099EPSS
Exploits2References4
NVD
NVD
added 2026/01/21 11:15 p.m.7 views

CVE-2026-24048

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

3.7CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 10:51 p.m.4 views

CVE-2026-24048 Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

3.5CVSS5.7AI score0.00201EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/21 10:49 p.m.11 views

Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Impact The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the...

3.7CVSS5.7AI score0.00201EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/01/21 9:5 a.m.6 views

WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by theviper17 in WordPress Plugin Extend Link versions = 2.0.0...

4.9CVSS5.5AI score0.00184EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/01/21 1:2 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

8.8CVSS5.8AI score0.00522EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.14 views

Amazon Corretto Java 8.x < 8.482.08.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 8 prior to 8.482.08.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2026-Jan-20 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ...

7.5CVSS6.1AI score0.00864EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/20 12:33 p.m.3 views

CVE-2026-1180 Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.7AI score0.00363EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.10 views

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS5.8AI score0.04439EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : libuv-1.41.1-2.el8_10 (AXSA:2024-8516:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8516:01 advisory. libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 Tenable has extracted the preceding description block directly from the...

7.3CVSS8.1AI score0.02003EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

9CVSS8.2AI score0.99999EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3573:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3573:01 advisory. php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 Tenable has extracted the preceding...

7.8CVSS5.6AI score0.01945EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : grafana-6.3.6-2.el8 (AXSA:2020-596:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-596:01 advisory. grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL CVE-2020-13379 Tenable has...

8.2CVSS6.5AI score0.99856EPSS
Exploits5References2
OSV
OSV
added 2026/01/19 4:15 p.m.6 views

DEBIAN-CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery SSRF protection bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

7.5CVSS5.4AI score0.00501EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/17 5:19 p.m.26 views

CVE-2026-23529

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS7AI score0.00376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 1:18 p.m.7 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

7.5CVSS6.9AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 5:15 p.m.8 views

CVE-2026-23529

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/16 4:53 p.m.22 views

CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS0.00376EPSS
Exploits0References4
Rows per page
Query Builder