Lucene search
K

239 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42106

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
NVD
NVD
added 5 days ago8 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago24 views

CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59706

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...

9.3CVSS6AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:50 p.m.7 views

CVE-2026-54033

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:50 p.m.34 views

CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/25 3:50 p.m.5 views

EUVD-2026-39460

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

7.1CVSS0.00183EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.40 views

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS0.00183EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 12:13 p.m.13 views

CVE-2026-56275

CVE-2026-56275 concerns Flowise prior to 3.1.0, where the Execute Flow node is vulnerable to a server-side request forgery (SSRF). By supplying intranet addresses in the base URL field, an attacker can bypass security validation and initiate HTTP requests to internal network addresses, potentiall...

7.1CVSS5.9AI score0.00183EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.6 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References3
NVD
NVD
added 2026/06/18 4:16 p.m.10 views

CVE-2025-58175

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. This vulnerability requires that GeoServer i...

8.2CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 2:31 p.m.27 views

CVE-2025-58175

CVE-2025-58175 affects GeoServer prior to 2.26.4 and 2.27.3. When GeoServer is configured to use a proxy base URL and ENTITY_RESOLUTION_ALLOWLIST, an unauthenticated Server-Side Request Forgery (SSRF) can be triggered. The issue only affects installations where the proxy base URL lacks a URL path...

8.2CVSS5.3AI score0.00287EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 6:28 p.m.20 views

GHSA-J9GF-VW2F-9HRW Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation

Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...

8.1CVSS5.6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.17 views

Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation

Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...

5.5AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.17 views

Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Summary Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...

8.1CVSS5.7AI score0.00257EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 6:23 p.m.26 views

GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution

Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...

8.2CVSS5.3AI score0.00287EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/12 6:23 p.m.10 views

GHSA-X4R9-GMW3-HXWW GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution

Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49054

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description GeoServer allows unauthenticated Server-Side Request Forgery SSRF, a condition where an attacker can cause the server to make requests to an unintended location...

6.5CVSS5.3AI score0.00287EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2026-35400

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...

4.3CVSS5.5AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder