CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

126 matches found

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

0.00085EPSS

Exploits0References2

Cvelist•added 2026/05/19 9:21 a.m.•31 views

CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00296EPSS

Exploits0References1

Github Security Blog•added 2026/05/14 8:29 p.m.•7 views

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00032EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/14 6:26 p.m.•2 views

GHSA-7RX4-C5VX-G8W3 Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

7.1CVSS6AI score

Exploits0References5

Github Security Blog•added 2026/05/14 6:26 p.m.•4 views

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

6AI score

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/11 9:42 p.m.•7 views

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS6AI score0.00081EPSS

Exploits0References1

Snyk•added 2026/05/04 8:21 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL tha...

8.6CVSS5.8AI score0.00044EPSS

Exploits0References2

EUVD•added 2026/04/14 12:31 a.m.•1 views

EUVD-2026-22134

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7CVSS5.8AI score0.00021EPSS

Exploits0References4

Vulnrichment•added 2026/04/13 9:52 p.m.•1 views

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

7CVSS5.9AI score0.00021EPSS

Exploits0References8

Tenable Nessus•added 2026/01/20 12:0 a.m.•3 views

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.00663EPSS

Exploits1References3

Vulnrichment•added 2025/12/03 4:43 p.m.•2 views

CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

7.5CVSS6.4AI score0.00063EPSS

Exploits1References2

Vulnrichment•added 2025/11/19 4:40 p.m.•2 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS5.7AI score0.00033EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-6477

Malware in sbrugna...

5CVSS6.4AI score0.00632EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-1085

Malware in sbrugna...

6.1CVSS5.3AI score0.00255EPSS

Exploits0References5