Lucene search
K

25821 matches found

CVE
CVE
added 2 hours ago8 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43613

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS6.2AI score
Exploits0References7
CVE
CVE
added 3 hours ago7 views

CVE-2026-15628

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...

6.5CVSS6.3AI score
Exploits0References8
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score
Exploits0References6
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-49969

Vulnerability overview: Laravel-Mediable

7.4CVSS6.2AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added yesterday10 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS5.5AI score0.00338EPSS
Exploits0Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57413

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57372

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS0.00204EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43316

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-62143

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-49876

CVE-2026-49876 describes an authenticated SSRF in the Gravitino JobManager. The issue allows server-side HTTP requests to internal networks and cloud metadata endpoints via unvalidated job template URIs. Affected software: Apache Gravitino 1.0.0 through 1.2.1. Impact is tied to the ability to rea...

6.5CVSS6.1AI score0.00204EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

0.00204EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57793

CVE-2026-57793 affects the Flow WordPress theme by Elated-Themes. The issue is an improper filename control in Include/Require statements, resulting in a PHP Local File Inclusion (LFI). Affected versions are Flow:

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57407 WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
Rows per page
Query Builder