Lucene search
K

90 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-15508 Helicone ai-gateway AWS Metadata Service service.rs build_target_url server-side request forgery

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function buildtargeturl of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extractedpathandquery can lead to server-side request forgery...

6.5CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 2 days ago15 views

CVE-2026-15508

Helicone ai-gateway (up to 0.2.0-beta.30) is affected. The flaw is in the AWS Metadata Service component, specifically the build_target_url function in ai-gateway/src/dispatcher/service.rs, where manipulating extracted_path_and_query can trigger server-side request forgery. Exploitation is possib...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57575

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build target url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted path and query can lead to server-side request...

6.5CVSS6.3AI score0.00333EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:37 p.m.19 views

Malicious code in @solana-labs/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4 Package @solana-labs/web3.js impersonates the legitimate @solana/web3.js and re-exports it as cover while running a malicious postinstall node...

5.5AI score
Exploits0References6
CVE
CVE
added 2026/05/22 5:27 p.m.35 views

CVE-2026-39965

Summary: CVE-2026-39965 affects TypeBot (versions ≤ 3.15.2). The HTTP Request and Code blocks validate the initial URL but the HTTP clients (ky and fetch) do not re-validate redirect destinations on 302 responses, enabling an authenticated user to point a block to an attacker-controlled server th...

7.7CVSS5.8AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42818

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

7.7CVSS5.8AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 5:14 p.m.10 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/07 9:28 p.m.14 views

Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

5.9AI score
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/04/12 5:26 p.m.240 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2024-34351 Demo Minimal Next.js 14.0.0 application for de...

7.5CVSS5.9AI score0.05453EPSS
Exploits3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7033

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-47022

Malicious code in bioql PyPI...

8.6CVSS8.8AI score0.00554EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-45343

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00472EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7008

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00703EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7035

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0056EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6877

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00671EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-4073

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.0069EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7017

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00561EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32646

Malicious code in bioql PyPI...

7.7CVSS7.7AI score0.00487EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.13 views

CVE-2022-38298

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery SSRF via redirecting incoming requests to the AWS internal metadata endpoint...

8.8CVSS7.4AI score0.0064EPSS
Exploits0References1
Rows per page
Query Builder