Lucene search
+L

9787 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.9 views

CVE-2026-33284

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

5.1CVSS6AI score0.00196EPSS
Exploits1References1
Veracode
Veracode
added 2026/03/28 5:25 a.m.10 views

Server-Side Request Forgery

pyLoad is vulnerable to Server-Side Request Forgery. The vulnerability is due to the download engine accepting arbitrary URLs without validation, where an authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata...

9.3CVSS5.8AI score0.00397EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:0 p.m.37 views

pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6.1AI score0.00397EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/27 3:16 p.m.14 views

CVE-2026-33284

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches...

5.1CVSS0.00196EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 1:52 p.m.2 views

CVE-2026-33205 calibre has Server-Side Request Forgery in ebook viewer backend

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8CVSS6AI score0.00173EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.15 views

Calibre 代码问题漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.6.0, there were code-related vulnerabilities. These vulnerabilities stemmed from a server-side reques...

5.5CVSS6AI score0.00173EPSS
Exploits1References1
NVD
NVD
added 2026/03/23 5:16 p.m.8 views

CVE-2026-33502

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

9.3CVSS0.00442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.14 views

PT-2026-26216

Name of the Vulnerable Software and Affected Versions Budibase versions 3.30.6 and prior Description Budibase is a low code platform that allows the creation of internal tools, workflows, and admin panels. A flaw exists in the REST datasource query preview endpoint POST /api/queries/preview where...

8.7CVSS6AI score0.00367EPSS
Exploits1References10
EUVD
EUVD
added 2026/03/12 2:23 p.m.5 views

EUVD-2026-11381

SiYuan has a Full-Read SSRF via /api/network/forwardProxy...

8.3CVSS5.8AI score0.00278EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 8:38 p.m.1 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/11 8:38 p.m.32 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS0.00278EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 8:38 p.m.17 views

CVE-2026-32110

SiYuan (personal knowledge management system) suffers a Full-Read SSRF via the /api/network/forwardProxy endpoint prior to version 3.6.0. Authenticated users can supply a user-controlled URL and trigger the server to fetch arbitrary HTTP resources, with the system returning the full response body...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:33 p.m.16 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/06 6:40 p.m.9 views

GHSA-RW8P-C6HF-Q3PG PinchTab has SSRF with Full Response Exfiltration via Download Handler

SSRF with Full Response Exfiltration via Download Handler Summary A Server-Side Request Forgery SSRF vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.6 views

EUVD-2026-9913

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

6.9CVSS6AI score0.00397EPSS
Exploits1References4
CVE
CVE
added 2026/03/05 9:59 p.m.15 views

CVE-2026-28467

OpenClaw (npm package) before 2026.2.2 is affected by a server-side request forgery in attachment/media URL hydration. An attacker who can influence media URLs via model-controlled sendAttachment or auto-reply could trigger SSRF to internal resources and exfiltrate fetched bytes as outbound attac...

8.6CVSS6AI score0.00397EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

6.3CVSS6.1AI score0.00397EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is a code problem vulnerability , the vulnerability stems from the attachment and media URL hydration exists server-side request forgery , an attacker can use the vulnerability to obtain arbitrary HTTPS URL...

8.6CVSS6AI score0.00397EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/04 12:27 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

5.3CVSS6AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 12:27 a.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

5.3CVSS6AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder