Lucene search
K

333 matches found

Vulnrichment
Vulnrichment
added 2026/05/09 5:5 a.m.8 views

CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/05/09 5:5 a.m.20 views

CVE-2025-15634

CVE-2025-15634: In HCL BigFix WebUI, a missing authorization flaw lets an authenticated user with LOW privileges view sensitive environmental information via direct URL access to an unauthorized page. Impact: confidentiality (environmental data) exposed; attack vector: network; complexity: low; r...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software21
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.13 views

HCL BigFix WebUI 安全漏洞

HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an authorization gap that could result in an authenticated user without appropriate privileges accessing an unauthorized page to view sensitive environmental...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38387

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Anonymous callers can access the '/forms/chromium/convert/url' and '/forms/chromium/screenshot/url' endpoints using the url parameter with the file:///tmp/ scheme. While a deny-list exists to...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-39184

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.5 Description An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node that points to an arbitrary internal URL and sending API requests with the X-Node-ID header. The Proxy...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:8 p.m.2 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33211

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.37 Description The workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without protection against Server-Side Request Forgery SSRF, a flaw where an...

6.5CVSS5.8AI score0.00384EPSS
Exploits1References10
NVD
NVD
added 2026/04/09 5:16 p.m.11 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 4:45 p.m.13 views

CVE-2026-39974

CVE-2026-39974 affects the n8n-mcp component (Model Context Protocol server). In multi-tenant HTTP mode, an authenticated caller with a valid AUTH_TOKEN can trigger SSRF to arbitrary URLs supplied via per-request headers (instance-URL headers). The server reflects HTTP responses back through JSON...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/08 7:53 p.m.3 views

GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS5.8AI score0.00316EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/08 7:53 p.m.6 views

n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS6AI score0.00316EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

whisperX REST API 代码问题漏洞

WhisperX REST API is an audio transcription and analysis enhancement tool developed by Pavel Zbornik. Versions of the WhisperX REST API from 0.3.1 to 0.5.0 have code vulnerabilities. These vulnerabilities stem from the FileService.downloadfromurl function, which performs a file extension check...

5.8CVSS5.9AI score0.00252EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 12:0 a.m.5 views

CVE-2026-30637

CVE-2026-30637 is an SSRF vulnerability in OTCMS prior to V7.66, affecting the AnnounContent in /admin/read.php. The issue allows unauthenticated attackers to craft HTTP requests to internal or arbitrary remote URLs. The CVSS v3.1 base score is 7.5 (HIGH) with network access, low attack complexit...

7.5CVSS6AI score0.00499EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2026-26801

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00481EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/03/11 12:0 a.m.3 views

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...

5.9AI score0.00485EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:32 p.m.3 views

Server-side Request Forgery (SSRF)

Overview org.webjars.npm:pdfmake is a Client/server side PDF printing in pure JavaScript Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or...

8.7CVSS5.4AI score0.00481EPSS
Exploits2References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.6 views

EUVD-2026-10756

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00481EPSS
Exploits2References5
OSV
OSV
added 2026/03/10 9:32 p.m.4 views

GHSA-WP52-R2FP-4VMR pdfmake is vulnerable to server-side request forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.9AI score0.00481EPSS
Exploits2References6
Snyk
Snyk
added 2026/03/10 9:32 p.m.6 views

Server-side Request Forgery (SSRF)

Overview pdfmake is a Client/server side PDF printing in pure JavaScript Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or external resources...

8.7CVSS5.8AI score0.00481EPSS
Exploits2References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.3 views

EUVD-2026-10757

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00481EPSS
Exploits2References5
Rows per page
Query Builder