628 matches found
mcp-atlassian < 0.17.0 - Server-Side Request Forgery
MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...
BMC FootPrints 'searchWeb' - Server-Side Request Forgery
BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...
CVE-2026-57770
creationtimestamp| type| source ---|---|--- 2026-07-13 10:41:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjiyawyja25 2026-07-13 11:26:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjlhmqfs62r...
CVE-2026-3552
SurfLink
GHSA-489G-7RXV-6C8Q MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)
Summary GHSA-7r34-79r5-rcc9's fix added validateurlforssrf, which resolves the attacker-controlled X-Atlassian-Jira,Confluence-Url header host once at middleware time and trusts the result. But the outbound request is later built with the raw hostname and re-resolves at connect time with no IP...
CVE-2026-53962 Discourse: Insufficient SVG sanitization logic
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...
OESA-2026-2968 rubygem-faraday security update
HTTP/REST API client library Security Fixes: Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a...
CVE-2026-42147
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
CVE-2026-50134 Hugo: security.http.urls allow-list bypass via HTTP redirects
Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...
CVE-2026-55661
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...
PT-2026-53321
Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper handling of untrusted remote references allows server-side request forgery SSRF, a condition where a server is coerced into making requests to an unintended destination. The SQL stateme...
CVE-2026-47214
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...
CVE-2026-12473
OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...
OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053
This module enables you to use OpenAI as a provider for the AI module. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery SSRF vulnerability. This vulnerability is mitigated by the fact that an attacker must have the access to change the host url...
EUVD-2026-38379
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...
CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-mw-iframeconfig attribute when handling malformed URLs or IDs containing single quotes. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious payloa...
CVE-2026-49359
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...
CVE-2026-8024
creationtimestamp| type| source ---|---|--- 2026-06-18 10:01:16+00:00| seen| https://infosec.exchange/users/certvde/statuses/116770529327887486 2026-06-18 10:01:32+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mokl2y64ikr2 2026-06-18 12:19:34+00:00| seen|...