Lucene search
K

321 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

FireFighter 访问控制错误漏洞

FireFighter is an event management tool developed by ManoMano Tech. Versions of FireFighter prior to 0.0.54 contained an access control vulnerability. This vulnerability stemmed from the POST /api/v2/firefighter/raid/jirabot endpoint, which allowed unauthorized access without authentication...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 6:21 p.m.9 views

Server-side Request Forgery (SSRF)

Overview firefighter-incident is an Incident Management tool made for Slack using Django Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreateJiraBotView class. An attacker can access internal resources and exfiltrate sensitive data by submitting...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 5:51 p.m.14 views

Server-side Request Forgery (SSRF)

Overview edx-enterprise is a Your project description goes here Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the syncproviderdata function. An attacker can cause the server to make arbitrary HTTP requests to internal or external resources by supplying a...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References2
NVD
NVD
added 2026/05/01 4:16 p.m.6 views

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

4.3CVSS0.00464EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 4:2 p.m.3 views

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

4.3CVSS6AI score0.00464EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.9 views

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

7.1CVSS5.3AI score0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:22 p.m.12 views

EUVD-2026-25106

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 4:4 p.m.4 views

CVE-2026-25883 Vexa Webhook Feature has a SSRF Vulnerability

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

5.8CVSS5.9AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 4:4 p.m.31 views

CVE-2026-25883 Vexa Webhook Feature has a SSRF Vulnerability

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

5.8CVSS0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33211

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.37 Description The workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without protection against Server-Side Request Forgery SSRF, a flaw where an...

6.5CVSS5.8AI score0.00384EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32582

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

4.3CVSS5.7AI score0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/04/10 4:39 p.m.13 views

CVE-2026-40100

CVE-2026-40100 affects FastGPT prior to version 4.14.10.3. The /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication; the internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP is true (not the default), enabling unauthenticated SSR...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.3 views

CVE-2026-40114

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

10CVSS0.0028EPSS
Exploits1References1
NVD
NVD
added 2026/04/09 5:16 p.m.11 views

CVE-2026-39974

n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...

8.5CVSS0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 4:45 p.m.12 views

CVE-2026-39974

CVE-2026-39974 affects the n8n-mcp component (Model Context Protocol server). In multi-tenant HTTP mode, an authenticated caller with a valid AUTH_TOKEN can trigger SSRF to arbitrary URLs supplied via per-request headers (instance-URL headers). The server reflects HTTP responses back through JSON...

8.5CVSS6.1AI score0.00316EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:53 p.m.6 views

n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS6AI score0.00316EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/08 7:53 p.m.3 views

GHSA-4GGG-H7PH-26QR n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

Impact An authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to issue HTTP requests to arbitrary URLs supplied through multi-tenant HTTP headers. Response bodies are reflected back through JSON-RPC, so an attacker can read the conten...

8.5CVSS5.8AI score0.00316EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:33 p.m.6 views

CVE-2026-35187

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parseurls API function in src/pyload/core/api/init.py fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated...

7.7CVSS6AI score0.00269EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/03 9:51 p.m.2 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

5.4CVSS6AI score0.00246EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 3:33 a.m.7 views

GHSA-CQGF-F4X7-G6WC Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Summary The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...

7.2CVSS6AI score0.00289EPSS
Exploits2References3
Rows per page
Query Builder