7165 matches found
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2026-5126
CVE-2026-5126 affects SourceCodester RSS Feed Parser 1.0. The flaw is in the function file_get_contents , enabling a server-side request forgery (SSRF). The attack is possible to be carried out remotely, and the exploit has been published and may be used. This has been reflected across multiple s...
CVE-2026-5126 SourceCodester RSS Feed Parser file_get_contents server-side request forgery
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...
Server-side Request Forgery (SSRF)
Overview crewai is a Cutting-edge framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks. Affected versions of this package are vulnerable to Server-side Request Forgery SS...
Server-side Request Forgery (SSRF)
Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the RAG search tools not properly validating user-supplied URLs at runtime. An attacker can access internal or cloud resources by supplying...
FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing
Summary The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network...
GHSA-X2F5-332J-9XWQ Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...
CVE-2026-33992
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network service...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...
CVE-2026-2286 CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
CVE-2026-2286
CVE-2026-2286 affects CrewAI ecosystem through a server-side request forgery (SSRF) vulnerability in the RAG search tooling, enabling an attacker to access internal and cloud resources by supplying crafted URLs at runtime. Connected advisories confirm the vulnerability in the CrewAI stack, includ...
CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
[SECURITY] [DLA 4517-1] roundcube security update
Debian LTS Advisory DLA-4517-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 30, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u8 CVE ID : not yet available Debian Bug : 1131182 1132268 Multiple vulnerabilities were...
Server-Side Request Forgery (SSRF)
github.com/zitadel/zitadel is vulnerable to an unauthenticated full-read Server-Side Request Forgery SSRF. The vulnerability is due to improper trust of the x-zitadel-forward-host header in the Login UI V2, which allows an attacker to force the server to make arbitrary HTTP requests and read...
CVE-2026-29954
In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator are affected by an SSRF vulnerability via the chartURL field of ResourceComposition resources. The field is only URL-encoded, with no validation of the target address. More critically, kubeconfiggenerator concatenates the chartURL di...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...
Invoice Ninja 安全漏洞
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring features for invoice management, quotation processing, project tracking, and time tracking. Versions 5.12.46 and 5.12.48 of Invoice Ninja contain security vulnerabilities, which stem from server-side request forgery...
CVE-2026-29925
Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...