Lucene search
K

25669 matches found

CVE
CVE
added yesterday7 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday23 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-55641

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-15143

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-55641 9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-56676

9router is affected by an image prefetch DNS rebinding vulnerability (CVE-2026-56676). Prior to v0.5.2, the application validates the image URL by DNS resolution but then performs a server-side fetch with a separate DNS lookup, enabling an authenticated attacker with access to the LLM proxy to tr...

7.4CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-15143

CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.

9.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-60091

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhookurl parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a...

7.2CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-56261

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-60091

PraisionAI before 4.6.78 is affected by an unauthenticated SSRF in the Jobs API /api/v1/runs. The webhook_url parameter is validated at request time but re-resolved at connection time, enabling DNS rebinding to reach internal services via a blind SSRF attack. CVSS metrics: CVSSv3.1 base score 7.2...

7.2CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-60091 PraisonAI before 4.6.78 Unauthenticated SSRF via webhook_url

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhookurl parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a...

7.2CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-56261

CVE-2026-56261 affects Crawl4AI prior to 0.8.7. The Docker API server endpoints /crawl/job and /llm/job accept webhook URLs without destination validation, allowing SSRF to private/internal IP ranges, Docker networks, or cloud metadata endpoints (e.g., 169.254.169.254). Potential impact is exposu...

9.2CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS0.00424EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-42858

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-15378

The CVE-2026-15378 entry concerns the guardrails-detectors component where a flaw allows remote attackers to perform a blind Server-Side Request Forgery (SSRF) by submitting a crafted XML Schema Definition string. This can lead to unauthorized access to sensitive information (e.g., credentials fr...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score0.00424EPSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS0.00246EPSS
Exploits0References12
Patchstack
Patchstack
added yesterday3 views

WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...

6.4CVSS6.1AI score0.00246EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder