Lucene search
K

239 matches found

Veracode
Veracode
added 2026/01/20 1:20 p.m.8 views

Server-Side Request Forgery (SSRF)

Umbraco CMS is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...

6.9CVSS5.5AI score0.00343EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 3:52 p.m.6 views

CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS5.5AI score0.00343EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.4 views

Umbraco CMS code-related vulnerabilities

Umbraco CMS is a content management system developed by the Danish company Umbraco. Version 8.14.1 of Umbraco CMS has a code vulnerability that stems from improper handling of the baseUrl parameter, which may lead to server-side request forgeing...

6.9CVSS5.8AI score0.00343EPSS
Exploits1References3
NVD
NVD
added 2026/01/13 11:15 p.m.7 views

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS0.00463EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.9 views

CVE-2026-22794

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...

9.6CVSS7.1AI score0.00393EPSS
Exploits3References1
OSV
OSV
added 2026/01/13 10:51 p.m.5 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS6.1AI score0.00463EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2375

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS7AI score0.00463EPSS
Exploits1References4
NVD
NVD
added 2026/01/12 10:16 p.m.8 views

CVE-2026-22794

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be...

9.6CVSS0.00393EPSS
Exploits3References2
CVE
CVE
added 2026/01/12 9:54 p.m.21 views

CVE-2026-22794

Appsmith prior to version 1.93 is vulnerable to Origin header injection. The server previously used the Origin value from request headers as the base URL for password reset and email verification links without validation, allowing an attacker who controls Origin to craft links that point to the a...

9.6CVSS6.7AI score0.00393EPSS
Exploits3References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/09 6:29 p.m.5 views

CVE-2025-66405

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

6.9CVSS6.8AI score0.00323EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/08 11:6 a.m.7 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

9.8CVSS7AI score0.02016EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/01 10:25 p.m.6 views

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

6.9CVSS6.7AI score0.00323EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/01 10:25 p.m.3 views

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

6.9CVSS6.3AI score0.00323EPSS
Exploits0References3
OSV
OSV
added 2025/12/01 9:29 p.m.5 views

GHSA-569Q-MPPH-WGWW Better Auth affected by external request basePath modification DoS

Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

6.3CVSS6AI score
Exploits0References4
Snyk
Snyk
added 2025/12/01 9:29 p.m.4 views

External Control of File Name or Path

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to External Control of File Name or Path via the getBaseURL function. An attacker can cause all routes to return 404 errors for all users by sending a crafted...

6.3CVSS7.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/01 9:29 p.m.20 views

Better Auth affected by external request basePath modification DoS

Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

7.2AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.4 views

PT-2025-48576

Name of the Vulnerable Software and Affected Versions Portkey.ai Gateway versions prior to 1.14.0 Description The Portkey.ai Gateway, a fast AI Gateway with integrated guardrails, is susceptible to Server-Side Request Forgery SSRF attacks in versions before 1.14.0. The gateway determines the...

9.8CVSS6.5AI score0.00323EPSS
Exploits0References11
Cvelist
Cvelist
added 2025/10/27 7:32 a.m.9 views

CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...

6.9CVSS0.00293EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.9 views

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

8.7CVSS7AI score0.00397EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/05 9:30 a.m.3 views

EUVD-2025-32452

A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. Th...

5.8CVSS6.2AI score0.00287EPSS
Exploits1References5
Rows per page
Query Builder