CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7250 matches found

Cvelist•added 2026/05/26 3:49 p.m.•30 views

CVE-2025-14290 IBM webMethods Integration Sever is vulnerable to server-side request forgery

IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

5.4CVSS0.00182EPSS

Exploits0References1

CVE•added 2026/05/26 3:49 p.m.•13 views

CVE-2025-14290

IBM webMethods Integration Server (on premise) versions 10.15 to IS_10.15_Core_Fix2611.1 and 11.1 to IS_11.1_Core_Fix10 are affected by CVE-2025-14290, a server-side request forgery (SSRF) vulnerability in the Administration > Publishing > Add subscriber UI. An authenticated attacker could ...

5.4CVSS5.8AI score0.00182EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/26 3:49 p.m.•6 views

CVE-2025-14290

5.4CVSS5.8AI score0.00182EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/26 3:16 p.m.•13 views

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

7.6CVSS0.003EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 1:45 p.m.•5 views

CVE-2026-45082

7.6CVSS5.8AI score0.003EPSS

Exploits0References2Affected Software1

IBM Security Bulletins•added 2026/05/26 7:32 a.m.•15 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-1561) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

5.4CVSS7.3AI score0.00284EPSS

Exploits0Affected Software1

CNNVD•added 2026/05/26 12:0 a.m.•12 views

Google Cloud Apigee 安全漏洞

Google Cloud Apigee is an API management platform provided by Google Inc. It supports features such as API gateways, traffic governance, and interface security management. There are security vulnerabilities in Google Cloud Apigee. These vulnerabilities stem from allowing remote attackers to execu...

9.2CVSS6AI score0.0036EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•7 views

PT-2026-43284

Name of the Vulnerable Software and Affected Versions Google Cloud Apigee affected versions not specified Description A flaw in the SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery SSRF, which is a technique where an attacker forces a server to make...

9.2CVSS5.9AI score0.0036EPSS

Exploits0References3

Positive Technologies•added 2026/05/26 12:0 a.m.•7 views

PT-2026-43278

IBM webMethods Integration on prem -Integration Server 10.15 through IS 10.15 Core Fix2611.1 to IS 11.1 Core Fix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially...

5.4CVSS5.8AI score0.00182EPSS

Exploits0References2

CNNVD•added 2026/05/26 12:0 a.m.•7 views

karakeep 安全漏洞

Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from a SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authentication users could enabl...

7.6CVSS5.8AI score0.003EPSS

Exploits0References1

Redos•added 2026/05/26 12:0 a.m.•11 views

ROS-20260526-73-0014

Vulnerability in registry related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...

7.5CVSS5.8AI score0.00274EPSS

Exploits1

CNNVD•added 2026/05/26 12:0 a.m.•7 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...

5.1CVSS5.9AI score0.00187EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•11 views

PT-2026-43396

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...

6.3CVSS5.8AI score0.0022EPSS

Exploits0References3

RedhatCVE•added 2026/05/25 11:11 p.m.•13 views

CVE-2026-41682

A flaw was found in pupnp, an SDK for developing Universal Plug and Play UPnP applications. This vulnerability, known as Server-Side Request Forgery SSRF, arises from port truncation in the parseuri function. A remote attacker can exploit this flaw to confuse port assignments, potentially enablin...

6.9CVSS5.7AI score0.00346EPSS

Exploits0References2

NVD•added 2026/05/25 9:16 p.m.•16 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS0.00383EPSS

Exploits0References2