Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 2026/05/24 10:0 a.m.17 views

CVE-2026-9372

ItzCrazyKns Vane (up to 1.12.1) contains a server-side request forgery in src/app/api/providers/route.ts via baseURL argument manipulation. Remote exploitation is possible and the exploit has been published. The project was informed early via an issue report but has not responded. No remediation ...

7.5CVSS6.7AI score0.00053EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/04/27 7:23 p.m.1 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS4.8AI score0.00029EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/26 5:30 a.m.29 views

CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS0.00029EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/26 12:0 a.m.1 views

PT-2026-35202

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS4.8AI score0.00029EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/04/16 9:52 p.m.4 views

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Summary A Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass th...

8.3CVSS6AI score0.00115EPSS
Exploits1References3Affected Software2
Cvelist
Cvelistadded 2025/10/05 6:32 a.m.6 views

CVE-2025-11286 samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery

A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...

5.8CVSS0.00052EPSS
Exploits1References4
CNNVD
CNNVDadded 2024/06/17 12:0 a.m.1 views

Lobe Chat Security Vulnerability

Lobe Chat is an open source, high performance chatbot framework. A security vulnerability exists in Lobe Chat versions prior to 0.162.25, which stems from the fact that if an attacker is able to successfully authenticate via SSO/Access Code, they can obtain the real back-end API key by modifying...

5.7CVSS6.7AI score0.00467EPSS
Exploits1References2
Rows per page
Query Builder