7150 matches found
CVE-2026-6215
CVE-2026-6215 affects DbGate up to 7.1.4, specifically the REST/GraphQL component and its function apiServerUrl1 in packages/rest/src/openApiDriver.ts. The underlying issue enables server-side request forgery (SSRF) and may be triggered remotely. An exploit has been publicly available, and the ve...
CVE-2026-39521
Server-Side Request Forgery SSRF vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through = 4.3.1...
CVE-2026-33534
EspoCRM
EUVD-2026-21918
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...
Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
GHSA-C4HG-6933-X62X Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-34476
Apache SkyWalking MCP (0.1.0) is affected by a Server-Side Request Forgery vulnerability exposed via the SW-URL header in the MCP Server. The issue affects MCP 0.1.0 and upgrading to 0.2.0 is recommended as the fix. No exploitation details are provided in the sources.
CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper hostname normalization when evaluating NOPROXY rules, where crafted loopback addresses e.g., localhost. or ::1 bypass proxy exclusions and are routed through the proxy, allowing attackers to access...
CVE-2026-5936 Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API
An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...
CVE-2026-5936 Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API
An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...
CVE-2026-5936
CVE-2026-5936 pertains to Foxit PDF Services API and describes a server-side request forgery (SSRF) where an attacker can influence a server to perform HTTP requests to arbitrary destinations by supplying a crafted URL. Affects the component handling URL parameters; this can enable probing intern...
BIT-ELK-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
HummerCloud HummerRisk 代码问题漏洞
HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Technology in China. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and...
PT-2026-32517
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dns get record but the actual HTTP...
DbGate 代码问题漏洞
DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code vulnerability. This vulnerability stemmed from a server-side request forgery issue in the apiServerUrl1 function within the REST/GraphQL component’s...
PT-2026-32510
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...