Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

91 matches found

Nuclei
Nucleiadded yesterday28 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.2AI score0.01056EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/06/11 5:10 p.m.7 views

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

5.8AI score0.00047EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/06/11 5:10 p.m.3 views

GHSA-4MJ9-PF4R-CQRC Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

5.8CVSS5.8AI score0.00047EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/11 12:0 a.m.8 views

PT-2026-48808

Summary Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

5.8CVSS5.8AI score0.00047EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/06/05 7:39 p.m.9 views

CVE-2026-7223

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:15 p.m.6 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.5AI score0.00866EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/02 4:1 p.m.11 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS5.6AI score0.0027EPSS
Exploits0References1
NVD
NVDadded 2026/06/01 9:16 a.m.12 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/01 8:15 a.m.8 views

CVE-2026-10240 JeecgBoot test server-side request forgery

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/01 8:15 a.m.30 views

CVE-2026-10240 JeecgBoot test server-side request forgery

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS0.0027EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/01 8:15 a.m.10 views

EUVD-2026-33603

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
CVE
CVEadded 2026/06/01 8:15 a.m.19 views

CVE-2026-10240

JeecgBoot up to 3.9.2 contains a server-side request forgery (SSRF) vulnerability in an unknown function of /airag/airagModel/test, triggered by manipulating the baseUrl argument. It is exploitable remotely and a public exploit exists. A fix is planned for the upcoming release.

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/06/01 12:0 a.m.9 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter baseUrl in the /airag/airagModel/test file, which...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/29 5:41 p.m.8 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 5:41 p.m.10 views

CVE-2026-46372 SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 5:41 p.m.41 views

CVE-2026-46372 SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS0.00866EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/27 8:14 p.m.9 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/05/27 3:5 a.m.7 views

SUSE CVE-2025-27152

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...

7.5CVSS6.3AI score0.00759EPSS
Exploits1References6
NVD
NVDadded 2026/05/24 11:16 a.m.12 views

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/24 10:0 a.m.8 views

CVE-2026-9372 ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References5
Rows per page
Query Builder