CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVE-2026-42335

MaxKB (open-source AI assistant for enterprise) prior to 2.8.1 is vulnerable to an SSRF bypass in the OSS file service URL fetch endpoint (chat/api/oss/get_url). The issue stems from inconsistent URL parsing between the urlparse validation function and the requests HTTP client, enabling an attack...

EUVD-2026-31983

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

CVE-2026-2264

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...

EUVD-2025-203462

Weblate has a Server-Side Request Forgery issue...

CVE-2026-2264

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...

CVE-2026-2264

CVE-2026-2264 describes a vulnerability in Google Cloud Apigee SetIntegrationRequest policy enabling remote SSRF and exfiltration of service account tokens. Exploitation required an insecure API proxy configuration; CVSS metrics indicate network access with low complexity, no privileges, and high...

CVE-2026-2264 Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetIntegrationRequest Policy.

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

CVE-2025-14290 IBM webMethods Integration Sever is vulnerable to server-side request forgery

IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

CVE-2025-14290

IBM webMethods Integration Server (on premise) versions 10.15 to IS_10.15_Core_Fix2611.1 and 11.1 to IS_11.1_Core_Fix10 are affected by CVE-2025-14290, a server-side request forgery (SSRF) vulnerability in the Administration > Publishing > Add subscriber UI. An authenticated attacker could ...

EUVD-2025-209934

IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

CVE-2025-14290

IBM webMethods Integration on prem -Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVE-2026-45082

Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-1561) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

Google Cloud Apigee 安全漏洞

Google Cloud Apigee is an API management platform provided by Google Inc. It supports features such as API gateways, traffic governance, and interface security management. There are security vulnerabilities in Google Cloud Apigee. These vulnerabilities stem from allowing remote attackers to execu...

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing bypass vulnerability in the OSS file service URL...

PT-2026-43284

Name of the Vulnerable Software and Affected Versions Google Cloud Apigee affected versions not specified Description A flaw in the SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery SSRF, which is a technique where an attacker forces a server to make...

karakeep 安全漏洞

Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from a SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authentication users could enabl...