Lucene search
K

7420 matches found

EUVD
EUVD
added 2026/05/02 4:15 a.m.5 views

EUVD-2026-26738

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

6.5CVSS6.2AI score0.00268EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from improper handling of the...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36579

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona activate child theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations...

4.4CVSS5.9AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36571

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2 Description An issue in the OpenApi Service component allows remote attackers to perform server-side request forgery SSRF, a flaw where the server is coerced into making unintended requests. This occurs throug...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin PixelYourSite Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS6AI score0.00577EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36570

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.16 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.12 views

PT-2026-36590

Name of the Vulnerable Software and Affected Versions Royal Elementor Addons versions prior to 1.7.1058 Description The Royal Elementor Addons plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This occurs because the render csv data function does not sufficiently validate...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References17
Snyk
Snyk
added 2026/05/01 11:24 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. Remediation Upgrade org.apache.neethi:neet...

7.2CVSS6AI score0.00497EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 12:0 a.m.5 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions = 1.7.1057...

7.2CVSS5.8AI score0.00379EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/30 9:16 p.m.7 views

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

6.5CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:4 p.m.4 views

CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

6.5CVSS5.8AI score0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:4 p.m.3 views

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

6.5CVSS5.3AI score0.00167EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/30 9:4 p.m.4 views

EUVD-2026-26419

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

6.5CVSS5.2AI score0.00167EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 6:12 p.m.5 views

Server-side Request Forgery (SSRF)

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/30 5:28 p.m.10 views

Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Impact An authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo URL pointing at a private address e.g. http://127.0.0.1:999...

8.1CVSS5.2AI score0.00371EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/04/30 5:24 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/30 5:24 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/30 5:24 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 5:24 p.m.5 views

GHSA-5VH4-RGV7-P9G4 Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL

CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg Severity | Field | Value | |-----------|----------------------------------------| | CVSS v3.1 | 8.6 High | | Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | | CWE | CWE-918 — Server-Side Request Forgery | | Auth | None |...

8.6CVSS6AI score0.00236EPSS
Exploits1References4
Rows per page
Query Builder