Lucene search
K

25853 matches found

EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43084

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score0.00142EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago70 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.2AI score0.7829EPSS
Exploits12References3
Nuclei
Nuclei
added 3 days ago105 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References5
Nuclei
Nuclei
added 3 days ago177 views

Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...

9.8CVSS7AI score0.93053EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago22 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7AI score0.97788EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-57397

Name of the Vulnerable Software and Affected Versions Planyo Online Reservation System plugin for WordPress versions prior to 3.1 Description An unauthenticated Server-Side Request Forgery SSRF exists that leads to Local File Inclusion LFI. The ulap.php file functions as an AJAX proxy and is...

7.2CVSS6.1AI score0.00357EPSS
Exploits0References15
NVD
NVD
added 4 days ago7 views

CVE-2026-55807

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

3.1CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-49213

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS0.00319EPSS
Exploits0References4
CVE
CVE
added 4 days ago445 views

CVE-2026-55807

Drupal core is affected by CVE-2026-55807 via a Server-Side Request Forgery (SSRF) in the Media module’s oEmbed URL discovery, allowing the server to be induced to fetch arbitrary URLs. Affected versions include Drupal core from 0.0.0 up to 10.5.12, 10.6.0–10.6.11, 11.2.0–11.2.14, 11.3.0–11.3.12,...

3.1CVSS6.1AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

0.00133EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

3.1CVSS6.1AI score0.00133EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-13233

The CVE-2026-13233 entry describes a Server-Side Request Forgery (SSRF) in the Drupal OpenAI Provider module. Affected are Drupal OpenAI Provider versions 0.0.0–1.1.1 and 1.2.0–1.2.2. Root cause: insufficient sanitization of user-supplied URLs, enabling SSRF. Impact is limited to the described vu...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-57575

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...

6.9CVSS0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57575 Misskey: SSRF bypass in URL Preview

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...

6.9CVSS0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55229 Gotenberg: SSRF via LibreOffice document processing

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
OSV
OSV
added 4 days ago1 views

GHSA-WM45-QH3G-V83F mcp-atlassian: Arbitrary server-side file read via attachment upload

Summary A client that can invoke MCP tools can read arbitrary files from the server host and exfiltrate them as Atlassian attachments. The attachment-upload tools take a client-supplied filepath and open it on the server's filesystem. The upload tools are meant to attach a file from the caller's...

7.7CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder