Lucene search
K

7389 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-40431

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday6 views

CVE-2026-56399

Open WebUI (pre-0.6.27) contains a server-side request forgery in the /api/v1/retrieval/process/web endpoint. The vulnerability allows authenticated users to bypass SSRF protections by manipulating URL parameters with location redirect headers, enabling access to internal services and potentially...

5.3CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2025-210379

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-40402

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added yesterday2 views

EUVD-2026-40395

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-13773 IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6CVSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added yesterday6 views

Security Bulletin: IBM WebSphere Application Server is affected by server-side request forgery (CVE-2026-9006)

Summary IBM WebSphere Application Server is affected by a server-side request forgery vulnerability with the Ajax Proxy configured. Vulnerability Details CVEID:CVE-2026-9006 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax...

9.1CVSS5.7AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol

Summary IBM WebSphere eXtremes Scale is affected by server side request forgery when ORB is used as Transport Protocol CVE-2026-13773 Vulnerability Details CVEID:CVE-2026-13773 DESCRIPTION: Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call...

6CVSS6.2AI score
Exploits0Affected Software1
NVD
NVD
added yesterday7 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The Bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

8.6CVSS5.8AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS5.7AI score
Exploits0References3
Nuclei
Nuclei
added yesterday12 views

ChanCMS <= 3.3.0 - Server-Side Request Forgery

yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...

6.5CVSS6.7AI score0.00655EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS5.9AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday12 views

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday17 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS5.8AI score0.00773EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

LoLLMs WEBUI - Server-Side Request Forgery

LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication. id: CVE-2026-33340 info: name: LoLLMs WEBUI - Server-Side Request Forgery author:...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday15 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6AI score0.01623EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday13 views

WordPress FluentCRM <= 2.9.87 - Unauthenticated Blind SSRF

FluentCRM WordPress plugin = 2.9.87 contains a blind server-side request forgery caused by improper validation of the 'SubscribeURL' parameter, letting unauthenticated attackers make arbitrary web requests, exploit requires unconfigured SES bounce handling key. id: CVE-2026-7798 info: name:...

5.4CVSS5.9AI score0.00645EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday9 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.4AI score0.01765EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday17 views

SillyTavern - Server-Side Request Forgery

SillyTavern versions up to and including 1.17.0 expose the /api/search/searxng endpoint, which accepts an attacker-controlled baseUrl parameter and uses it directly to build outbound server-side fetch requests. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP...

8.5CVSS5.7AI score0.00866EPSS
Exploits0References2
Rows per page
Query Builder