Lucene search
K

72 matches found

OSV
OSV
added 2026/04/01 11:27 p.m.2 views

GHSA-44C2-3RW4-5GVH PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS5.9AI score0.00405EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 11:27 p.m.6 views

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS5.9AI score0.00405EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29830

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.95 Description PraisonAI's FileTools.download file function does not validate the url parameter before passing it to httpx.stream with follow redirects=True. This allows an attacker controlling the URL to access...

8.6CVSS6AI score0.00405EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29303

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso destination url cookie and redirects to it with allow other host: true...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.4 views

CVE-2026-3478

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

7.2CVSS5.9AI score0.00272EPSS
Exploits0References8
OSV
OSV
added 2026/03/12 8:57 p.m.4 views

GO-2026-4671 Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill...

5.3CVSS5.8AI score0.00097EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/11 7:30 p.m.2 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

5.3CVSS5.9AI score0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:30 p.m.27 views

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

5.3CVSS0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 12:17 a.m.30 views

CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.5 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References1
Huntr
Huntr
added 2026/02/10 4:29 p.m.12 views

SSRF in MLflow via user-controlled webhook URL parameter

Description A Server-Side Request Forgery SSRF vulnerability exists in the webhook creation functionality of MLflow. The createwebhook handler accepts a user-controlled url parameter and stores it without any validation. When webhooks are tested or triggered, the sendwebhookrequest function sends...

7.1CVSS7.3AI score0.0037EPSS
Exploits1
OSV
OSV
added 2026/02/03 6:16 p.m.6 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

9.8CVSS6.6AI score0.00694EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.3 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

6.6AI score0.00694EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/03 12:0 a.m.3 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

6.6AI score0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:25 p.m.8 views

CVE-2018-12301

Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost...

7.5CVSS6.9AI score0.01408EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 12:16 a.m.8 views

PYSEC-2025-231

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

5CVSS5.9AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 11:36 p.m.16 views

CVE-2025-66407

Weblate before v5.15 is vulnerable to SSRF and local file enumeration when creating a Component with Mercurial as VCS. The repository URL field is not validated/sanitized, allowing arbitrary protocols/hosts, including localhost and file://, which can expose internal endpoints and filesystem layou...

5CVSS6.1AI score0.00182EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/15 11:36 p.m.4 views

CVE-2025-66407 Weblate has Server-Side Request Forgery vulnerability

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

5CVSS6.1AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 8:55 a.m.9 views

CVE-2025-40545

Affected product: SolarWinds Observability Self-Hosted. Vulnerability: Open redirection due to improper URL sanitization in the application. Root cause / nature: URL handling allows manipulation of the redirect target. Impact (as stated): Potential to redirect users to a malicious site (confident...

4.8CVSS6.4AI score0.00205EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-21684

Malware in sbrugna...

6.1CVSS6.3AI score0.00587EPSS
Exploits0References3
Rows per page
Query Builder