Lucene search
K

25586 matches found

Nuclei
Nuclei
added 19 hours ago15 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS6AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added 19 hours ago8 views

Stirling-PDF < 1.1.0 - Server-Side Request Forgery

Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...

9.8CVSS6AI score0.01587EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added 19 hours ago8 views

LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery

LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...

9CVSS5.9AI score0.0178EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago54 views

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

4.3CVSS5.9AI score0.01978EPSS
Exploits5References2
Nuclei
Nuclei
added 19 hours ago23 views

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

9.1CVSS6AI score0.01836EPSS
Exploits2References2
Nuclei
Nuclei
added 19 hours ago64 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.3AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago27 views

WordPress <= 6.2 - Server Side Request Forgery

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...

5.9CVSS6.3AI score0.0315EPSS
Exploits5References2
Nuclei
Nuclei
added 19 hours ago39 views

Elestio Memos <= v0.24.0 - Server-Side Request Forgery

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery SSRF due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. id: CVE-2025-22952 info: name: Elestio Memos = v0.24.0 - Server-Side Request Forgery author: iamnoooob,rootxharsh,pdresearc...

9.8CVSS6.1AI score0.02818EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago53 views

rConfig 3.9.4 - Server-Side Request Forgery

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39109 info: name: rConf...

8.8CVSS7.3AI score0.02965EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago44 views

Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

9.8CVSS7.4AI score0.32304EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago15 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 19 hours ago92 views

Owncast - Server Side Request Forgery

Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...

8.3CVSS7AI score0.01356EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago56 views

Ligeo Archives Ligeo Basics - Server Side Request Forgery

Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...

7.5CVSS7.1AI score0.07408EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago63 views

Gitlab CE/EE 10.5 - Server-Side Request Forgery

GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar...

9.8CVSS7.3AI score0.53372EPSS
Exploits2References5
Nuclei
Nuclei
added 19 hours ago48 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3CVSS7AI score0.00844EPSS
Exploits0References2
Nuclei
Nuclei
added 19 hours ago97 views

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

7.5CVSS7.1AI score0.08667EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago54 views

Hurrakify <= 2.4 - Server-Side Request Forgery

The Hurrakify plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify...

7.2CVSS7.2AI score0.01461EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago106 views

Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. id: CVE-2023-30019 info: name: Imgproxy = 3.14.0 - Server-side request forgery SSRF author: DhiyaneshDK severity: medium description: | imgproxy =3.14.0 is vulnerable to...

5.3CVSS6.1AI score0.02214EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

8.7CVSS6AI score
Exploits0References4Affected Software1
Rows per page
Query Builder