7030 matches found
CVE-2026-10583 nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...
CVE-2026-10581
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-10581 DedeCMS download.php base64_decode server-side request forgery
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
PT-2026-45690
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...
PT-2026-45691
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate...
PT-2026-45884
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...
CVE-2026-49138
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Summary: Nanobot before 0.2.1 contains a server-side request forgery (SSRF) in the Microsoft Teams channel handler, enabling attackers to exfiltrate Bot Framework bearer tokens. By sending a forged inbound activity with an attacker-controlled serviceUrl, an adversary can poison the stored convers...
CVE-2026-49139 Nanobot < 0.2.1 SSRF via Microsoft Teams Channel serviceUrl Poisoning
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
EUVD-2026-33759
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
EUVD-2026-33758
A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-49138 Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
EUVD-2026-33757
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
CVE-2026-49138
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
CVE-2026-49138
Nanobot prior to version 0.2.1 contains a server-side request forgery (SSRF) in the web_fetch tool. An attacker can supply a URL that redirects to a loopback or private address via a 3xx Location header, taking advantage of the httpx library’s automatic redirect-follow behavior to bypass initial ...