CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/14 4:14 p.m.•7 views

Server-side Request Forgery (SSRF)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the...

8.5CVSS5.8AI score0.00036EPSS

Cvelist•added 2026/04/14 3:38 p.m.•28 views

CVE-2025-59809

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

4.3CVSS0.00035EPSS

Exploits0References1

Veracode•added 2026/04/14 7:35 a.m.•2 views

Server-Side Request Forgery (SSRF)

github.com/jon4hz/jellysweep is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the URL parameter in the /api/images/cache endpoint, which allows an authenticated attacker to make the server download arbitrary content from attacker-controlled URL...

8.9CVSS5.9AI score0.00072EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/14 1:39 a.m.•25 views

CVE-2026-34225 Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS0.00036EPSS

EUVD•added 2026/04/14 1:39 a.m.•3 views

EUVD-2026-22188

4.3CVSS5.7AI score0.00036EPSS

RedhatCVE•added 2026/04/14 1:22 a.m.•3 views

CVE-2026-39647

Server-Side Request Forgery SSRF vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through = 5.11...

5.4CVSS5.8AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2026/04/14 1:22 a.m.•3 views

CVE-2026-40242

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...

7.2CVSS5.8AI score0.00932EPSS

RedhatCVE•added 2026/04/14 1:22 a.m.•1 views

CVE-2026-40089

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...

9.9CVSS5.9AI score0.00055EPSS

Exploits0References1

RedhatCVE•added 2026/04/14 1:22 a.m.•6 views

CVE-2026-39843

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...

7.7CVSS5.9AI score0.00038EPSS

CNNVD•added 2026/04/14 12:0 a.m.•4 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an issue with server-side request forgeing in the...

8.5CVSS5.8AI score0.00036EPSS

Cvelist•added 2026/04/14 12:0 a.m.•21 views

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS0.00036EPSS

CNNVD•added 2026/04/14 12:0 a.m.•5 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI 0.7.2 and earlier contain security vulnerabilities. These vulnerabilities stem from a feature that allows for image editing through prompts, which enables blind server-side...

4.3CVSS5.8AI score0.00036EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•4 views

PT-2026-32681

CVE-2026-38527 A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying … https://t.co/UnVbPvc3Tv...

8.5CVSS5.7AI score0.00036EPSS

Exploits1References5

EUVD•added 2026/04/13 9:30 p.m.•2 views

EUVD-2026-22085

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

6.5CVSS5.4AI score0.00041EPSS

ATTACKERKB•added 2026/04/13 9:0 p.m.•2 views

CVE-2026-6220

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possibl...

5.8CVSS5.5AI score0.00047EPSS

Cvelist•added 2026/04/13 9:0 p.m.•18 views

CVE-2026-6220 HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery

5.8CVSS0.00047EPSS

Vulnrichment•added 2026/04/13 9:0 p.m.•2 views

CVE-2026-6220 HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery

5.8CVSS5.5AI score0.00047EPSS