Lucene search
K

65 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.4 views

CVE-2026-35461

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...

5CVSS6.1AI score0.00213EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 2:49 p.m.16 views

CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS0.004EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30859

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS5.9AI score0.004EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:54 p.m.6 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

8.6CVSS5.8AI score0.00405EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/02 6:16 p.m.6 views

CVE-2026-34577

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is url.endsWith'mp4', which is trivially bypassable by...

8.6CVSS0.00474EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/30 5:21 p.m.10 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

Summary The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network...

5.8CVSS6AI score0.00235EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/30 5:6 p.m.6 views

CVE-2026-33992

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network service...

9.3CVSS6AI score0.00397EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.13 views

LoLLMs 代码问题漏洞

LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI as an individual project. Versions of LoLLMs prior to 2.2.0 contained code vulnerabilities. These vulnerabilities stemmed from the API/export-content endpoint, which did not validate the URLs controlled by users,...

7.5CVSS7.2AI score0.01765EPSS
Exploits1References3
NVD
NVD
added 2026/03/27 11:17 p.m.4 views

CVE-2026-33992

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network service...

9.3CVSS0.00397EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28586

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network...

9.3CVSS6AI score0.00397EPSS
Exploits1References19
NVD
NVD
added 2026/03/24 4:16 p.m.5 views

CVE-2026-33335

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

8CVSS0.00248EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/24 3:7 p.m.4 views

EUVD-2026-14909

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

6.4CVSS5.9AI score0.00248EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

WordPress plugin Content Syndication Toolkit 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.9AI score0.00272EPSS
Exploits0References7
PyPA
PyPA
added 2026/03/12 5:16 p.m.16 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/12 5:0 p.m.22 views

CVE-2026-21887

OpenCTI platform (data ingestion feature) is vulnerable prior to 6.8.16 due to accepting user-supplied URLs without validation and using Axios with allowAbsoluteUrls: true, enabling semi-blind SSRF to internal endpoints. Impact reported as HIGH (CVSS 3.1: 7.7) with network attack vector and low p...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/12 5:0 p.m.27 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS0.00212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25009

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.8.16 Description OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. The platform’s data ingestion feature accepts user-supplied URLs without validation and utilizes...

7.7CVSS6AI score0.00212EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/11 12:37 a.m.10 views

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval

Impact Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...

5.3CVSS5.9AI score0.00097EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/02/26 3:18 p.m.7 views

EUVD-2026-8775

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...

5.8CVSS5.5AI score0.00468EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/16 12:10 p.m.28 views

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

7.6CVSS0.00235EPSS
Exploits0References1
Rows per page
Query Builder