Lucene search
+L

48 matches found

osv
osv
added 2026/07/08 3:7 p.m.2 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.2CVSS6.2AI score0.00324EPSS
Exploits0References6
osv
osv
added 2026/07/08 12:10 a.m.6 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References8
nvd
nvd
added 2026/06/20 4:17 p.m.14 views

CVE-2026-56330

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS0.00152EPSS
Exploits0References2
osv
osv
added 2026/06/20 3:24 p.m.5 views

CVE-2026-56330 Capgo - Open Redirect via Unvalidated Stripe Billing URLs

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS6AI score0.00152EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.25 views

PT-2026-48881

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 3.21.7 Nuxt versions prior to 4.4.7 Description The component fails to validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. If an...

5.4CVSS5AI score0.00198EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7890

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a vector...

6.4CVSS5.4AI score0.00152EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.12 views

PT-2026-44801

Name of the Vulnerable Software and Affected Versions Mautic affected versions not specified Description A Server-Side Request Forgery SSRF exists in the Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hostin...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/26 12:17 a.m.102 views

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

0.00417EPSS
Exploits0References3
patchstack
patchstack
added 2026/05/19 3:47 p.m.11 views

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated authfetch and downloadmedia URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...

5.8AI score
Exploits0References3Affected Software1
osv
osv
added 2026/05/19 3:47 p.m.10 views

GHSA-HV85-774V-26FG auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

SSRF + disk-exfil in downloadmedia and authfetch tools — ymw0407/auth-fetch-mcp Severity The downloadmedia and authfetch MCP tools accept arbitrary URLs and reach them as the MCP server process, with downloadmedia additionally persisting the fetched response body to a user-controlled output...

8.2CVSS6AI score
Exploits0References3
nvd
nvd
added 2026/05/15 5:16 p.m.47 views

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS0.00137EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/15 4:40 p.m.8 views

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/15 12:0 a.m.9 views

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...

7.7CVSS6AI score0.00381EPSS
Exploits1References1
veracode
veracode
added 2026/05/07 8:45 a.m.17 views

Server-Side Request Forgery (SSRF)

Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2026/05/04 12:0 a.m.11 views

PlantUML Macro 代码问题漏洞

PlantUML Macro is an open-source tool developed by XWiki Contrib that generates chart images from textual definitions. Versions of PlantUML Macro prior to 2.4.1 had code vulnerabilities; these vulnerabilities stemmed from the lack of validation of the URLs provided by server parameters, which cou...

4.4CVSS5.9AI score0.00151EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.11 views

lmdeploy 安全漏洞

lmdeploy is a toolkit developed by InternLM for compressing, deploying, and serving LLMs. Versions of LMDeploy prior to 0.12.3 contained security vulnerabilities; these vulnerabilities stemmed from the vision-language module’s loadimage function, which did not validate URLs, potentially allowing...

7.5CVSS6AI score0.4525EPSS
Exploits2References2
github
github
added 2026/04/10 7:28 p.m.12 views

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...

7.1CVSS5.9AI score0.00281EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/04/09 10:16 p.m.4 views

CVE-2026-40150

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS0.00269EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 5:17 p.m.4 views

CVE-2026-34981

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

5.8CVSS0.00252EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/03/30 10:52 p.m.3 views

CVE-2026-0560

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The downloadimagetotemp function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTT...

7.5CVSS7.4AI score0.01765EPSS
Exploits1References1
Rows per page
Query Builder