Lucene search
K

25457 matches found

Nuclei
Nuclei
added 2 days ago9 views

mcp-atlassian < 0.17.0 - Server-Side Request Forgery

MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...

9CVSS6.2AI score0.13589EPSS
Exploits2References4
Nuclei
Nuclei
added 2 days ago42 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7.2AI score0.73267EPSS
Exploits3References2
Nuclei
Nuclei
added 2 days ago345 views

Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery

WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery. id: CVE-2019-8982 info: name: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request...

9.6CVSS7.2AI score0.25563EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago43 views

Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

9.8CVSS7.4AI score0.32304EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago82 views

WordPress JSmol2WP <=1.07 - Local File Inclusion

WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...

7.5CVSS6.9AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago12 views

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...

8.8CVSS6.2AI score0.3436EPSS
Exploits2References2
Nuclei
Nuclei
added 2 days ago147 views

WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery

WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.2CVSS6.8AI score0.40506EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago77 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago52 views

MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

7.7CVSS7.1AI score0.24784EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago28 views

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery

Onair2 3.9.9.2 and KenthaRadio 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. id: CVE-2021-24472 info...

9.8CVSS7.3AI score0.56614EPSS
Exploits2References4
Nuclei
Nuclei
added 3 days ago33 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.7AI score0.7829EPSS
Exploits12References3
Nuclei
Nuclei
added 3 days ago76 views

Oracle Weblogic - Server-Side Request Forgery

An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...

5CVSS7.3AI score0.38152EPSS
Exploits8References5
Nuclei
Nuclei
added 3 days ago91 views

GeoServer WPS - Server Side Request Forgery

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...

9.8CVSS7.1AI score0.67715EPSS
Exploits0References4
Snyk
Snyk
added 4 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the repository migration process when handling HTTP redirects. An attacker can access internal network resources by supplying a crafted URL that triggers the application to follow redirects to...

7.1CVSS6AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-57993

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

7.4CVSS0.00631EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-58278

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS0.00323EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-57987

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS0.00631EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-22874

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...

9.6CVSS0.00464EPSS
Exploits1References5
Rows per page
Query Builder