9787 matches found
PT-2026-32027
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-40089
Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client
Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery SSRF vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
CVE-2026-40072
CVE-2026-40072 – SSRF via CCIP Read in web3.py Affected: web3.py (Python library) versions 6.0.0b3 through before 7.15.0 and 8.0.0b2. The CCIP Read / OffchainLookup (EIP-3668) implementation fetches URLs supplied by contracts without destination validation and with default-on exposure (global_cci...
CVE-2026-39985
LORIS (Longitudinal Online Research and Imaging System) has an open redirect flaw in the login redirect parameter that could cause users to visit arbitrary URLs. Root cause: the redirect value was not validated to be within LORIS prior to versions 27.0.3 and 28.0.1. Impact: potential user redirec...
CVE-2026-39985
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS,...
CVE-2026-39974 n8n-MCP has an Authenticated SSRF via instance-URL header in multi-tenant HTTP mode
n8n-MCP is a Model Context Protocol MCP server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller holding a valid AUTHTOKEN to cause the server to iss...
Sonicverse 代码问题漏洞
Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...
LORIS Neuroimaging Platform 输入验证错误漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the login redirection parameters not verifying...
n8n-MCP 代码问题漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.47.4 contained code vulnerabilities. These vulnerabilities stemmed from authenticated server-side request forgery attacks, which could allow callers with a valid...
CVE-2026-34753
vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...
CVE-2026-34753
The CVE-2026-34753 issue is an SSRF in vLLM’s download_bytes_from_url used by the batch runner. Attacker-controlled batch input JSON can set file_url to arbitrary HTTP(S) URLs, and the code fetches them without URL validation, allowing requests from the vLLM host to internal or external targets (...
CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...
Bynder 安全漏洞
Bynder is a brand content management platform used by Bynder Inc. for the centralized management and distribution of digital media assets. Version 0.1.394 of Bynder contains a security vulnerability, which stems from a storage-side cross-site scripting issue. This vulnerability could allow for th...
CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
PT-2026-30275
Name of the Vulnerable Software and Affected Versions vLLM versions 0.16.0 through 0.18.99 Description vLLM, an inference and serving engine for large language models, contains a server-side request forgery SSRF flaw in the download bytes from url function. This allows an attacker who can control...
PT-2026-29741
Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...
CVE-2026-34746 Payload has Authenticated SSRF via Upload Functionality
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery SSRF vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
CVE-2026-20041
The CVE-2026-20041 entry concerns Cisco Nexus Dashboard and Nexus Dashboard Insights with a server-side request forgery (SSRF) vulnerability due to improper input validation in specific HTTP requests. The flaw could allow an attacker to persuade an authenticated user of the device management inte...
PT-2026-29163
Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.4 Description The /loadIG API endpoint in the FHIR Validator HTTP service does not properly validate user-supplied URLs provided via a JSON body before making server-side HTTP requests. This allows an...