Lucene search
K

689 matches found

CVE
CVE
added yesterday8 views

CVE-2026-61970

The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are <= 5.0.4 (reported as from n/a through

4.9CVSS6.1AI score0.00188EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57413

CVE-2026-57413 describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Instant Image Generator” (ai-image). The connected documents indicate the issue affects Instant Image Generator versions from n/a up to 2.1.4. The available details specify the vulnerability type ...

6.4CVSS6.1AI score0.0023EPSS
Exploits0References1
NCSC
NCSC
added yesterday5 views

Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks has identified several vulnerabilities in the PAN-OS software, particularly in PA-Series and VM-Series firewalls, as well as the Panorama management platform. These vulnerabilities affect various components of PAN-OS. - There are several XSS vulnerabilities in the User-ID...

9.9CVSS7.1AI score0.01172EPSS
Exploits0References10
Nuclei
Nuclei
added yesterday12 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
NVD
NVD
added 2 days ago8 views

CVE-2026-15501

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS0.00206EPSS
Exploits0References5
CVE
CVE
added 4 days ago9 views

CVE-2026-57575

Misskey (open source federated social platform) contains a Server-Side Request Forgery (SSRF) vulnerability in the UrlPreviewService prior to version 2026.6.0. The issue arises from insufficient network restrictions before outbound requests, allowing an attacker to trigger the Misskey server to i...

6.9CVSS6.1AI score0.00347EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-15146

A flaw was found in Wget. When operating in FTP passive mode, Wget fails to validate the IP address provided in an FTP PASV response. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this vulnerability to redirect Wget's data connection to an arbitrary IP addres...

5.9CVSS6.1AI score0.00121EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56676 9router: Image prefetch DNS rebinding allows SSRF to internal services

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS0.00154EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42788

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9
CVE
CVE
added last week15 views

CVE-2026-59707

CVE-2026-59707 : LocalAI exposes an unauthenticated SSRF via POST /models/apply. The endpoint forwards unsanitized gallery URL fields to gallery.GetGalleryConfigFromURLWithContext, allowing requests to internal/private/loopback URLs and leaking partial responses in error messages. No exploitation...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 5:30 p.m.8 views

GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...

7.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-55993

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

7.5CVSS0.00536EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:13 a.m.14 views

CVE-2026-55993

CVE-2026-55993 : Apache Camel Atmosphere Websocket Component contains an SSRF/Information Disclosure issue via improper input validation. The camel-atmosphere-websocket consumer maps inbound WebSocket query parameters into the Camel Exchange header map without a HeaderFilterStrategy, allowing ext...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55939

Name of the Vulnerable Software and Affected Versions SharePoint for ownCloud versions prior to 0.4.1 ownCloud 10 versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a Server-Side Request Forgery SSRF in the SharePoint app to execute arbitrary code on the...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 1:16 p.m.7 views

CVE-2026-14748

A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcpwiki/server.py of the component mcp-wiki/wiki-summary. This manipulation of the argument url causes server-side...

6.5CVSS0.00231EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.13 views

PT-2026-55793

Name of the Vulnerable Software and Affected Versions AIAnytime Awesome-MCP-Server versions up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab Description A flaw in the mcp-wiki/wiki-summary component, specifically within the mcp-wiki/src/mcp wiki/server.py file, allows for server-side request forger...

6.5CVSS6.6AI score0.00231EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/07/02 2:0 p.m.7 views

Azure OpenAI Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0
NCSC
NCSC
added 2026/07/01 8:52 a.m.10 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unlimited uploading of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting XSS, and Server-Side...

10CVSS6AI score0.28583EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54712

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists that allows an attacker to perform server-side request forgery SSRF, a technique where the attacker induces the server-side application to make reques...

7.8CVSS6AI score0.00148EPSS
Exploits0References4
Rows per page
Query Builder