1435 matches found

CVE
added 2026/05/11 4:30 p.m., 27 views

CVE-2026-2393

CVE-2026-2393: MLflow prior to 3.9.0 is vulnerable to SSRF via a user-controlled webhook URL. The _create_webhook() handler stores the URL without validation, and _send_webhook_request() POSTs to that URL, enabling an authenticated attacker to cause the MLflow backend to reach internal services, ...

CVSS 7.1 | AI score 7.3 | EPSS 0.00288
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/11 12:00 a.m., 18 views

PT-2026-39713

Open edX Platform enables the authoring and delivery of online learning at any scale. The sync provider data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata url POST parameter. This URL is passed directly to requests.get ...

CVSS 8.5 | AI score 6 | EPSS 0.00374
Exploits: 1 | References: 4
Tenable Nessus
added 2026/05/11 12:00 a.m., 7 views

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017575 advisory. In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var function with FILTER_VALIDATE_URL...

CVSS 5.3 | AI score 6.8 | EPSS 0.01945
Exploits: 1 | References: 4
NVD
added 2026/05/09 12:16 a.m., 18 views

CVE-2026-44313

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...

CVSS 9.1 | EPSS 0.00285
Exploits: 0 | References: 1
CVE
added 2026/05/08 1:26 p.m., 22 views

CVE-2026-44335

CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...

CVSS 9.8 | AI score 5.7 | EPSS 0.00378
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2026/05/07 7:16 p.m., 17 views

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

CVSS 7.7 | EPSS 0.00209
Exploits: 0 | References: 2
CVE
added 2026/05/07 6:54 p.m., 18 views

CVE-2026-42259

Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.

CVSS 5.1 | AI score 5.7 | EPSS 0.00339
Exploits: 0 | References: 1
EUVD
added 2026/05/07 1:48 p.m., 13 views

EUVD-2026-28383

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) that does not block...

CVSS 4.3 | AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 3
CNNVD
added 2026/05/07 12:00 a.m., 12 views

Admidio input validation error vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability related to input validation errors. This...

CVSS 8.2 | AI score 5.8 | EPSS 0.0028
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:00 a.m., 12 views

PT-2026-38614

Name of the Vulnerable Software and Affected Versions: Cinny versions prior to 4.10.3. Description: A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...

CVSS 7.1 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 6
OSV
added 2026/05/06 10:31 p.m., 4 views

GHSA-FHQ3-2GF3-8F3J misp-modules has unsafe remote resource fetching in expansion

An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...

CVSS 5.8 | AI score 6 | EPSS 0.00102
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/06 10:31 p.m., 9 views

misp-modules has unsafe remote resource fetching in expansion

An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...

CVSS 5.8 | AI score 6 | EPSS 0.00102
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/05/06 9:31 p.m., 22 views

EUVD-2026-28199

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

CVSS 6.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/06 9:31 p.m., 15 views

Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...

CVSS 6.3 | AI score 5.7 | EPSS 0.00236
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/05/06 7:49 p.m., 6 views

CVE-2026-44117

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

CVSS 6.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/06 7:49 p.m., 7 views

CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...

CVSS 8.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/06 12:00 a.m., 15 views

PT-2026-38255

Name of the Vulnerable Software and Affected Versions: Slider Revolution versions 7.0.0 through 7.0.10. Description: Insufficient file type validation in the get media url and check file path functions allows authenticated attackers with subscriber-level access or higher to perform an Arbitrary File...

CVSS 8.8 | AI score 6.5 | EPSS 0.00815
Exploits: 0 | References: 8
Github Security Blog
added 2026/05/05 10:16 p.m., 9 views

AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()

Summary: Two endpoints in AVideo call isSSRFSafeURL to validate user-supplied URLs, then fetch them using bare file_get_contents without disabling PHP's automatic redirect following. An attacker can supply a URL pointing to a server they control that returns a 302 redirect to an...

CVSS 7.7 | AI score 6 | EPSS 0.00348
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2026/05/05 9:49 p.m., 10 views

AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary: An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts (e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses). When any other user (including a second account owned by the same attacker)...

CVSS 5.4 | AI score 6 | EPSS 0.00165
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/05 12:00 a.m., 18 views

PT-2026-37252

Name of the Vulnerable Software and Affected Versions: Geyser versions prior to 2.9.3. Description: A server-side request forgery (SSRF) exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...

CVSS 2.4 | AI score 5.9 | EPSS 0.00158
Exploits: 0 | References: 5