CVE-2026-25528
CVE-2026-25528 affects LangSmith Client SDKs with distributed tracing. The baggage header in HTTP requests could inject replica configurations (api_url/api_key), causing the SDK to send trace data to attacker-controlled endpoints via post()/patch() after a traced operation. Root cause: RunTree.fr...
CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, causing the SDK to...
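The two entries above describe the mechanism: a tracing SDK reads replica configuration (api_url/api_key) out of the inbound W3C `baggage` header and later posts trace data to whatever endpoint that header named. The following is an added example, not LangSmith's code: a minimal baggage parser, the trusting pattern, and a hardened variant in which the header can only select a replica that local configuration already defines. The baggage keys (`api_url`, `replica`), the configured endpoints and the sample header are assumptions made for illustration.

```python
"""Added example (not LangSmith's code): trusting a W3C baggage header for
tracing-replica configuration versus letting it only select among locally
configured replicas. Keys, hosts and the sample header are assumptions."""

# Assumed local configuration: replica name -> endpoint that may receive
# trace data. Endpoints (and API keys) are never taken from a request.
CONFIGURED_REPLICAS = {"eu": "https://eu.api.smith.langchain.com"}


def parse_baggage(header: str) -> dict:
    """Parse a W3C baggage header ("k1=v1,k2=v2;prop=x") into a dict,
    dropping per-member properties after ';'."""
    out = {}
    for member in header.split(","):
        member = member.strip()
        if not member or "=" not in member:
            continue
        key, value = member.split("=", 1)
        out[key.strip()] = value.split(";", 1)[0].strip()
    return out


def vulnerable_replica_config(headers: dict, default_api_url: str) -> list:
    """Vulnerable pattern: any api_url carried by the inbound request becomes
    a replica, so the SDK will later POST/PATCH run data (and its api_key)
    to an attacker-chosen host."""
    bag = parse_baggage(headers.get("baggage", ""))
    replicas = [default_api_url]
    if "api_url" in bag:                       # assumed baggage key
        replicas.append(bag["api_url"])
    return replicas


def hardened_replica_config(headers: dict, default_api_url: str) -> list:
    """Hardened pattern: the header may name a replica, never define one.
    Unknown names, raw URLs and keys in the header are ignored."""
    bag = parse_baggage(headers.get("baggage", ""))
    replicas = [default_api_url]
    name = bag.get("replica")                  # assumed baggage key
    endpoint = CONFIGURED_REPLICAS.get(name) if name else None
    if endpoint and endpoint not in replicas:
        replicas.append(endpoint)
    return replicas


if __name__ == "__main__":
    # Constructed request: an attacker-supplied baggage header.
    attacker_headers = {"baggage": "api_url=https://evil.example/ingest;x=1"}
    print(vulnerable_replica_config(attacker_headers, "https://api.smith.langchain.com"))
    print(hardened_replica_config(attacker_headers, "https://api.smith.langchain.com"))
```

The design point is that trace context propagated between services is attacker-reachable whenever any hop accepts requests from untrusted clients, so it must be treated as data that selects among operator-defined destinations, not as configuration that creates them.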
Server-Side Request Forgery (SSRF)
NocoDB is vulnerable to a Server-Side Request Forgery (SSRF). The vulnerability is due to an unprotected HEAD request in the uploadViaURL functionality, which allows an attacker to trigger limited outbound requests to arbitrary URLs before SSRF validation is enforced...
CVE-2026-25493
Craft CMS versions 4.0.0-RC1–4.16.17 and 5.0.0-RC1–5.8.21 contain an SSRF bypass in the saveAsset GraphQL mutation: the hostname/IP blocklist check is bypassed because Guzzle follows redirects by default, allowing an attacker to point redirects to cloud metadata endpoints or internal addresses. A...
CVE-2026-0632
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2026-0632
CVE-2026-0632 affects the Fluent Forms Pro Add On Pack for WordPress. All versions up to and including 6.1.12 are vulnerable to Server-Side Request Forgery via the saveDataSource function. Authenticated users with Subscriber-level access or higher can cause the web application to make requests to...
Server-Side Request Forgery (SSRF)
Webpack is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to missing re-validation of allowedUris after HTTP 30x redirects in the HttpUriPlugin, allowing imports initially constrained to trusted URLs to be redirected to untrusted or internal endpoints, resulting in...
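The NocoDB, Craft CMS and webpack entries above are two variants of one ordering mistake: a request is sent before the target is validated (NocoDB's HEAD), or the target is validated once and the HTTP client then follows 30x redirects to addresses that were never checked (Craft CMS via Guzzle, webpack's HttpUriPlugin). The following is an added example, not code from any of those projects: a fetcher that validates before the first request and again on every redirect hop, next to the bypassable version. DNS and HTTP are replaced by constructed lookup tables so it runs offline; every hostname, address and URL is made up.

```python
"""Added example (not NocoDB/Craft CMS/webpack code): SSRF target validation
that runs before the first request and on every redirect hop. DNS and HTTP
are constructed tables so the example runs offline."""
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers (not real records).
FAKE_DNS = {
    "images.example.com": "93.184.216.34",
    "cdn.example.net": "151.101.1.1",
    "metadata.google.internal": "169.254.169.254",
}
# Constructed upstream responses: url -> (status, body or Location header).
FAKE_HTTP = {
    "https://images.example.com/pic.png": (200, "<png bytes>"),
    "https://cdn.example.net/redir": (302, "http://169.254.169.254/latest/meta-data/"),
    "http://169.254.169.254/latest/meta-data/": (200, "iam/security-credentials/"),
    "http://127.0.0.1:8080/admin": (200, "<internal admin panel>"),
}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


def is_public_target(url: str) -> bool:
    """True only for http(s) URLs whose host is (or resolves to) a globally
    routable address. Loopback, RFC 1918 and link-local space (169.254.0.0/16,
    where cloud metadata services live) all fail ip.is_global."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ip = ipaddress.ip_address(parts.hostname)       # literal IP in the URL
    except ValueError:
        resolved = FAKE_DNS.get(parts.hostname)        # hostname: resolve it
        if resolved is None:
            return False
        ip = ipaddress.ip_address(resolved)
    return ip.is_global


def _send(url: str):
    """Stand-in for the HTTP client; consults the constructed table."""
    return FAKE_HTTP.get(url, (404, ""))


def vulnerable_fetch(url: str):
    """Checks only the URL the caller supplied, then lets the client follow
    redirects unchecked. Returns (allowed, final_url, body)."""
    if not is_public_target(url):
        return False, url, ""
    for _ in range(MAX_REDIRECTS + 1):
        status, payload = _send(url)
        if status in REDIRECT_STATUSES:
            url = payload            # Location header, absolute in this example
            continue
        return True, url, payload
    return False, url, ""


def hardened_fetch(url: str):
    """Validates every URL immediately before it is requested, so neither a
    probing HEAD nor a redirect target ever reaches an unchecked address."""
    for _ in range(MAX_REDIRECTS + 1):
        if not is_public_target(url):
            return False, url, ""
        status, payload = _send(url)
        if status in REDIRECT_STATUSES:
            url = payload
            continue
        return True, url, payload
    return False, url, ""


if __name__ == "__main__":
    print(vulnerable_fetch("https://cdn.example.net/redir"))   # lands on metadata
    print(hardened_fetch("https://cdn.example.net/redir"))     # refused at hop 2
```

Two caveats a real implementation needs beyond this sketch: resolve the hostname once and connect to the address you validated (otherwise a DNS answer that changes between check and connect reopens the hole), and disable the HTTP client's automatic redirect following so that every hop actually passes through the check.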
CVE-2026-25904 Overly permissive Deno configuration in mcp-run-python leads to SSRF
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
PT-2026-7149
Affected software and versions: LangSmith Client SDKs versions prior to 0.6.3; LangSmith Client SDKs versions prior to 0.4.6. Description: The LangSmith SDK's distributed tracing feature is susceptible to Server-Side Request Forgery (SSRF) through manipulation of HTTP headers. An...
PT-2026-7153
Affected software and versions: Faraday versions prior to 2.14.1. Description: Faraday is an HTTP client library abstraction layer. A flaw exists in the build_exclusive_url method located in lib/faraday/connection.rb due to the use of Ruby's URI#merge. This allows an...
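The Faraday entry above turns on RFC 3986 reference resolution: merging a caller-controlled path into a trusted base URL lets a network-path reference (`//host/...`) replace the authority and `../` segments climb out of the base path. The following is an added example, not Faraday's code: Python's urllib.parse.urljoin applies the same resolution rules as Ruby's URI#merge, so it reproduces the behaviour, shown next to a build step that verifies the result stayed on the base scheme, host and path prefix. The base URL and paths are constructed for illustration.

```python
"""Added example (not Faraday's code): URL merging that lets a path segment
replace the host, and a variant that verifies the merged result. The base
URL and the sample paths are constructed."""
from typing import Optional
from urllib.parse import urljoin, urlsplit

BASE = "https://api.internal.example/v1/"   # constructed trusted base


def vulnerable_build_url(base: str, path: str) -> str:
    """Merge as if `path` only ever extends `base`. A network-path reference
    ("//host/...") replaces the authority and "../" escapes the base path,
    so the request goes wherever the path's author chose."""
    return urljoin(base, path)


def hardened_build_url(base: str, path: str) -> Optional[str]:
    """Refuse absolute URLs and network-path references up front, merge, then
    verify the result still has the base scheme, host and path prefix.
    Returns None when the path would escape."""
    ref = urlsplit(path)
    if ref.scheme or ref.netloc or path.startswith("//"):
        return None
    full = urljoin(base, path)
    b, f = urlsplit(base), urlsplit(full)
    if (f.scheme, f.netloc) != (b.scheme, b.netloc) or not f.path.startswith(b.path):
        return None
    return full


if __name__ == "__main__":
    for p in ("users/42", "//attacker.example/steal", "../admin"):
        print(p, "->", vulnerable_build_url(BASE, p), "|", hardened_build_url(BASE, p))
```

Checking the merged result, rather than pattern-matching the input, is what makes this robust: percent-encoded or oddly formed references are resolved by the same library before the comparison, so there is no second parser to disagree with.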
WordPress plugin Fluent Forms Pro Add On Pack code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform written in PHP that allows personal blog websites to be created on servers running PHP and MySQL. A WordPress plugin is an application extension. There ar...
pydantic-ai code issue vulnerability
Pydantic-ai is a generative AI framework developed by Pydantic for building production-grade applications and workflows. Pydantic-ai has a code issue vulnerability that stems from an overly permissive Deno sandbox configuration. This vulnerability may lead to server-side request forgery attacks...
Linux Distros Unpatched Vulnerability : CVE-2026-22247
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook...
SUSE CVE-2026-23845
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via the HTML Check CSS download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...
CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping
Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...
CVE-2026-25580
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...