CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

EUVD-2026-33273

A Server-Side Request Forgery SSRF vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary...

6.4CVSS5.9AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2026/05/14 7:58 p.m.•5 views

CVE-2026-44258

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...

9.3CVSS5.9AI score0.00062EPSS

Exploits0References1

NVD•added 2026/04/13 7:16 a.m.•4 views

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

8.5CVSS0.00036EPSS

Exploits0References1

CVE•added 2026/04/13 6:57 a.m.•4 views

CVE-2026-5936

CVE-2026-5936 pertains to Foxit PDF Services API and describes a server-side request forgery (SSRF) where an attacker can influence a server to perform HTTP requests to arbitrary destinations by supplying a crafted URL. Affects the component handling URL parameters; this can enable probing intern...

8.5CVSS5.8AI score0.00036EPSS

Exploits0References1

ATTACKERKB•added 2026/04/13 6:57 a.m.•2 views

CVE-2026-5936

8.5CVSS5.8AI score0.00036EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32283

8.5CVSS5.8AI score0.00036EPSS

Exploits0References2

ATTACKERKB•added 2026/04/09 5:41 p.m.•0 views

CVE-2026-40072

web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these...

6.3CVSS6AI score0.0006EPSS

Exploits1References3Affected Software1

NVD•added 2026/04/01 11:15 a.m.•3 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

7.3CVSS0.00093EPSS

Exploits0References2

Cvelist•added 2026/02/19 6:38 p.m.•18 views

CVE-2026-27472 SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

5.3CVSS0.00063EPSS

Exploits0References3

Tenable Nessus•added 2026/02/19 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-27472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does n...

5.3CVSS6AI score0.00063EPSS

Exploits0References3

Positive Technologies•added 2026/02/19 12:0 a.m.•2 views

PT-2026-20845

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP before version 4.4.9 contains a Blind Server-Side Request Forgery SSRF issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing ...

4.3CVSS5.5AI score

Exploits0References6

Positive Technologies•added 2025/12/24 12:0 a.m.•1 views

PT-2025-53337

Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The software contains a server-side request forgery issue in the management interface. Attackers can manipulate GET parameters url and xml url to bypass firewalls, perform network enumeration, and...

6.9CVSS6.7AI score0.00017EPSS

Exploits2References5

RedhatCVE•added 2025/12/16 8:44 p.m.•2 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

6.5CVSS7AI score0.00045EPSS

Exploits1References1

NVD•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53893

6.5CVSS0.00045EPSS

Exploits1References4

OSV•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53893

6.5CVSS5.9AI score

Exploits0References4

Veracode•added 2025/12/13 7:30 a.m.•1 views

Server-Side Request Forgery (SSRF)

Open WebUI is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs, allowing authenticated users to force the server to send HTTP requests to arbitrary destinations, which may enable access to internal services, cloud metadata...

8.5CVSS5.9AI score0.00041EPSS

Exploits1References2Affected Software1

NVD•added 2025/12/02 10:16 a.m.•2 views

CVE-2025-13872

Blind Server-Side Request Forgery SSRF in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...

9.1CVSS0.00034EPSS

Exploits0References1