3 matches found
CVE-2026-33205
Calibre (cross‑platform e‑book manager) has a Server-Side Request Forgery in the ebook viewer’s web view, exposed via the background-image endpoint. Prior to version 9.6.0, an attacker could perform blind GET requests to arbitrary URLs and exfiltrate data from the ebook sandbox. The issue is fixe...
EXNESS: SSRF in graphQL query (pwapi.ex2b.com)
An SSRF vulnerability was discovered in the GraphQL query for allTicks on the pwapi.ex2b.com website. This vulnerability allowed an attacker to set the source parameter to perform arbitrary GET requests, potentially compromising internal services exposed to internal network requests...
Nord Security: Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
Summary: The debug subdomain uses Sentry for application monitoring and error tracking. This software comes with a feature known as source code scraping turned on by default which makes it is possible to make blind get requests from the server on which it is running. Steps To Reproduce: add detai...