Lucene search
K

83 matches found

Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.12 views

PT-2026-33540

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS5.8AI score0.00379EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/13 7:30 p.m.19 views

CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 7:30 p.m.1 views

CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.2AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 4:56 p.m.6 views

CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...

9.3CVSS5.8AI score0.00299EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 4:56 p.m.15 views

CVE-2026-34359

Summary: CVE-2026-34359 affects HAPI FHIR Core prior to 6.9.4, where ManagedWebAccessUtils.getServer() used String.startsWith() to map request URLs to configured servers. This enables credential leakage via HTTP redirects to attacker-controlled domains that prefix-match configured URLs (e.g., htt...

9.1CVSS5.8AI score0.00158EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/01/27 7:16 p.m.9 views

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00181EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/13 8:36 p.m.24 views

Malicious website can execute commands on the local system through XSS in the OpenCode web UI

Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...

9.4CVSS6.6AI score0.00914EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/11/20 5:15 p.m.3 views

CVE-2025-62709

ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration baseurl is not set. Because Host is a client-controlled header, a...

8.8CVSS0.00308EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/20 4:50 p.m.11 views

EUVD-2025-198296

ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration baseurl is not set. Because Host is a client-controlled header, a...

6.8CVSS6.8AI score0.00308EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-30285

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00166EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/22 12:0 a.m.19 views

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

9.8CVSS9.5AI score0.72971EPSS
In wildExploits2
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.5 views

CVE-2024-29210

A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

6CVSS7AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:7 a.m.7 views

CVE-2023-5876

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service...

5.3CVSS6.8AI score0.00494EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:28 a.m.10 views

CVE-2023-26466

A user with non-Admin access can change a configuration file on the client to modify the Server URL...

7.8CVSS6.8AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.5 views

CVE-2022-39280

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

7.5CVSS7.5AI score0.00982EPSS
Exploits0References1
OSV
OSV
added 2025/05/07 3:15 p.m.5 views

CVE-2025-2776

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

9.8CVSS5.8AI score0.72971EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/10/16 1:24 p.m.9 views

CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The...

8CVSS7.2AI score0.00377EPSS
Exploits0References2
OSV
OSV
added 2024/09/26 9:13 p.m.10 views

GHSA-H4H5-9833-V2P4 Rancher agents can be hijacked by taking over the Rancher Server URL

Impact A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle MITM attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability...

8CVSS8.1AI score0.00377EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/07/15 8:43 a.m.19 views

CVE-2024-39767 Spoofed push notifications from malicious server

Mattermost Mobile Apps versions =2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that...

4.2CVSS0.00208EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.331 views

CrushFTP Directory Traversal

Exploit Title: CrushFTP Directory Traversal Google Dork: N/A Date: 2024-04-30 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://www.crushftp.com/ Software Link: https://www.crushftp.com/download/ Version: below 10.7.1 and 11.1.0 as well as legacy 9.x Tested...

7.4AI score
Exploits0
Rows per page
Query Builder