320 matches found

RedhatCVE, added 2026/01/20 11:26 p.m., 8 views

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVSS 8.3 | AI score 5.8 | EPSS 0.04439 | Exploits 1 | References 1
Positive Technologies, added 2026/01/10 12:0 a.m., 4 views

PT-2026-1702

Name of the Vulnerable Software and Affected Versions Featured Image from URL FIFU plugin for WordPress versions up to and including 5.3.1 Description The software contains a Server-Side Request Forgery issue due to inadequate validation of user-supplied URLs before they are passed to the...

CVSS 4.3 | AI score 6.2 | EPSS 0.00221 | Exploits 0 | References 10
RedhatCVE, added 2026/01/09 10:48 a.m., 7 views

CVE-2022-31386

A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...

CVSS 9.1 | AI score 7.4 | EPSS 0.00977 | Exploits 1 | References 1
RedhatCVE, added 2026/01/09 9:49 a.m., 9 views

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...

CVSS 6.1 | AI score 6.9 | EPSS 0.0062 | Exploits 1 | References 1
RedhatCVE, added 2026/01/07 9:30 a.m., 7 views

CVE-2019-16681

The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. When in physical possession of the device, opening local files is also possible. NOTE: As of...

CVSS 4.7 | AI score 6.5 | EPSS 0.00696 | Exploits 0 | References 1
EUVD, added 2026/01/05 9:52 p.m., 6 views

EUVD-2026-0845

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...

CVSS 5.9 | AI score 6.7 | EPSS 0.00427 | Exploits 1 | References 4
NVD, added 2025/12/18 5:15 p.m., 6 views

CVE-2025-14896

due to insufficient sanitization in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVSS 8.7 | EPSS 0.0025 | Exploits 0 | References 1
CVE, added 2025/12/18 4:20 p.m., 9 views

CVE-2025-14896

CVE-2025-14896 affects Vega. The issue is insufficient sanitization in Vega’s convert() function when safeMode is enabled and the diagram spec is an array. An attacker can craft a malicious Vega diagram specification that can cause requests to arbitrary URLs, including local filesystem paths, pot...

CVSS 8.7 | AI score 6.2 | EPSS 0.0025 | Exploits 0 | References 1
RedhatCVE, added 2025/12/14 5:3 a.m., 3 views

CVE-2025-11970

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

CVSS 4.4 | AI score 5.8 | EPSS 0.00158 | Exploits 0 | References 1
Github Security Blog, added 2025/12/04 10:3 p.m., 15 views

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

Summary A Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints AWS/GCP/Azure, scan internal networks, access internal services behind...

CVSS 8.5 | AI score 7.1 | EPSS 0.03965 | Exploits 1 | References 4 | Affected Software 1
OSV, added 2025/12/04 7:55 p.m., 6 views

CVE-2025-65958 Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to...

CVSS 8.5 | AI score 6.8 | EPSS 0.03965 | Exploits 1 | References 4
RedhatCVE, added 2025/11/19 2:10 p.m., 4 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

CVSS 5.4 | AI score 6.7 | EPSS 0.00149 | Exploits 0 | References 1
CVE, added 2025/11/18 1:56 p.m., 24 views

CVE-2025-55179

WhatsApp family apps (iOS and Mac) are affected by incomplete validation of rich response messages that could allow processing of media content from an arbitrary URL on another user’s device. Affected versions: iOS WhatsApp pre-2.25.23.73, iOS WhatsApp Business pre-2.25.23.82, and Mac WhatsApp pr...

CVSS 5.4 | AI score 6.4 | EPSS 0.00149 | Exploits 0 | References 2 | Affected Software 2
Cvelist, added 2025/11/18 1:56 p.m., 10 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

CVSS 5.4 | EPSS 0.00149 | Exploits 0 | References 2
Positive Technologies, added 2025/11/18 12:0 a.m., 9 views

PT-2025-47320

Name of the Vulnerable Software and Affected Versions WhatsApp for iOS versions prior to 2.25.23.73 WhatsApp Business for iOS versions prior to 2.25.23.82 WhatsApp for Mac versions prior to 2.25.23.83 Description A flaw exists in the validation of rich response messages. This could allow a user t...

CVSS 5.4 | AI score 6.5 | EPSS 0.00149 | Exploits 0 | References 4
RedhatCVE, added 2025/11/14 12:1 a.m., 6 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00287 | Exploits 1 | References 1
EUVD, added 2025/11/12 9:24 p.m., 5 views

EUVD-2025-50820

changedetection.io: Stored XSS in Watch update via API...

CVSS 3.5 | AI score 5.4 | EPSS 0.00402 | Exploits 1 | References 5
Cvelist, added 2025/10/24 11:25 a.m., 10 views

CVE-2025-10861 Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.4 - Unauthenticated Server-Side Request Forgery

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on the URLs supplied via the URL parameter...

CVSS 7.5 | EPSS 0.0035 | Exploits 0 | References 5
EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-8158

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01967 | Exploits 3 | References 3
EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2009-2991

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01046 | Exploits 0 | References 4