Lucene search
K

381 matches found

Github Security Blog
Github Security Blog
added 2026/02/17 9:30 p.m.8 views

OpenClaw affected by SSRF via attachment/media URL hydration

Summary Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary https URLs during attachment/media hydration. An attacker who can influence the media URL for example via model-controlled sendAttachment or auto-reply media URLs could trigger SSRF to internal...

8.6CVSS6.6AI score0.00397EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/02/06 9:19 p.m.5 views

EUVD-2026-5564

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

5.3CVSS5.7AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6801

Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.52.0 Description Homarr is an open-source dashboard susceptible to Server-Side Request Forgery SSRF. A public, unauthenticated tRPC endpoint, widget.app.ping, accepts an arbitrary URL and makes a server-side request ...

5.3CVSS5.7AI score0.00264EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.13 views

SAMSUNG Members 安全漏洞

Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.6.00.11 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation, potentially allowing remote attackers to connect to arbitrar...

7CVSS6.1AI score0.00276EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/20 12:30 a.m.11 views

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS5.8AI score0.04439EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/01/19 11:15 p.m.28 views

CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS0.04439EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.12 views

PT-2026-3516

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated...

8.3CVSS6.3AI score0.04439EPSS
Exploits1References26
OSV
OSV
added 2026/01/16 6:15 a.m.4 views

CVE-2026-23768

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...

6.1CVSS5.9AI score0.00216EPSS
Exploits1References2
NVD
NVD
added 2026/01/16 6:15 a.m.5 views

CVE-2026-23768

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...

6.1CVSS0.00216EPSS
Exploits1References2
CVE
CVE
added 2026/01/16 5:20 a.m.15 views

CVE-2026-23768

CVE-2026-23768 concerns the Lucy-XSS-Filter project. The vulnerability exists in the code path prior to commit 7c1de6d and allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener options are enabled and an embed or object t...

6.1CVSS6.6AI score0.00216EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/16 5:20 a.m.33 views

CVE-2026-23768

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...

0.00216EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/14 12:26 p.m.6 views

CVE-2025-59021

Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

6.4CVSS6.9AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/13 11:53 a.m.2 views

CVE-2025-59021 TYPO3 CMS Allows Broken Access Control in Redirects Module

Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...

5.3CVSS6.6AI score0.00246EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS that originates from a back-end user with access to the redirection module being able to read, create, and modify any redirection record without restriction, which could result in the...

6.4CVSS6AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/01/05 6:2 p.m.4 views

GHSA-X27P-WFQW-HFCC Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation

The Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by...

5.9CVSS7.3AI score0.00446EPSS
Exploits3References5
Veracode
Veracode
added 2025/12/24 9:39 a.m.6 views

Server-Side Request Forgery (SSRF)

@lobehub/chat is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation and restriction of user-supplied URLs in the tools.search.crawlPages tRPC endpoint, which allows an attacker with a valid token to supply arbitrary URLs and force the server to mak...

3CVSS5.8AI score0.00294EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 4:23 p.m.17 views

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

8.7CVSS6.5AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 10:3 p.m.4 views

EUVD-2025-201264

Open WebUI vulnerable to Server-Side Request Forgery SSRF via Arbitrary URL Processing in /api/v1/retrieval/process/web...

8.5CVSS6.5AI score0.04117EPSS
Exploits1References4
NVD
NVD
added 2025/12/04 8:16 p.m.6 views

CVE-2025-65958

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to...

8.5CVSS0.04117EPSS
Exploits1References2
CVE
CVE
added 2025/12/04 7:55 p.m.22 views

CVE-2025-65958

Open WebUI (self-hosted offline AI platform) is affected by a Server-Side Request Forgery (SSRF) in the /api/v1/retrieval/process/web endpoint. The vulnerability allows any authenticated user to force the server to fetch arbitrary URLs, enabling access to internal/cloud metadata endpoints (e.g., ...

8.5CVSS6.5AI score0.04117EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder