529 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. | 13 views

PT-2026-42674

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.04.1. Description: The request-filtering-agent Server-Side Request Forgery (SSRF) protection is non-functional in the Slack, Discord, Mattermost, and Teams notification webhook plugins. This occurs because the httpAge...

CVSS 4.3 | AI score 5.9 | EPSS 0.00176
Exploits 0 | References 7
Positive Technologies
added 2026/05/21 12:0 a.m. | 8 views

PT-2026-42653

Summary: A Server-Side Request Forgery (SSRF) vulnerability in get image info allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port scanni...

CVSS 6.5 | AI score 5.9
Exploits 0 | References 3
OSV
added 2026/05/19 3:52 p.m. | 6 views

GHSA-J3FJ-QPPJ-FMMC Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer

Summary: The fix for GHSA-6jxm-fv7w-rw5j (CVE-2026-23845), "Server-Side Request Forgery (SSRF) via HTML Check API", shipped in mailpit v1.28.3, hardened internal/htmlcheck/css.go::downloadCSSToBytes with a 5MB size cap, a text/css content-type check, login-info stripping in isValidURL, and an opt-in...

CVSS 5.8 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 2
Snyk
added 2026/05/15 5:53 p.m. | 9 views

Server-side Request Forgery (SSRF)

Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the req function. An attacker can access internal services and sensitive cloud metadata by leveraging HTTP redirects through an attacker-controlled server,...

CVSS 7.7 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 2
OSV
added 2026/05/14 8:29 p.m. | 8 views

GHSA-96FF-GC8G-WPVG DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

Summary: The fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip) to prevent SSRF attacks against internal services (cloud metadata endpoints, localhost, private networks). However, the HTTP client (reqwest) is configured to automatically follo...

CVSS 7.4 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 5
Vulnrichment
added 2026/05/14 3:46 p.m. | 5 views

CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

CVSS 9.2 | AI score 6 | EPSS 0.01623
Exploits 1 | References 1
CNNVD
added 2026/05/14 12:0 a.m. | 10 views

MagicMirror code issue vulnerability

MagicMirror is an open-source modular smart mirror platform developed by MagicMirror. Versions of MagicMirror prior to 2.36.0 had code vulnerabilities. These vulnerabilities stemmed from unauthorized server-side request forgery through the /cors endpoint, which could allow any remote attacker to...

CVSS 9.2 | AI score 6 | EPSS 0.01623
Exploits 1 | References 1
Positive Technologies
added 2026/05/14 12:0 a.m. | 16 views

PT-2026-41165

Name of the Vulnerable Software and Affected Versions: CodeWhale versions prior to 0.8.22. Description: The fetch_url tool implements a check using the is_restricted_ip function to validate the resolved IP address of an initial URL against a blocklist of restricted IPs, such as localhost, private...

CVSS 7.4 | AI score 5.7 | EPSS 0.00226
Exploits 0 | References 9
Positive Technologies
added 2026/05/14 12:0 a.m. | 22 views

PT-2026-41172

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: A Server-Side Request Forgery (SSRF) bypass exists in the validate_url function located in backend/open_webui/retrieval/web/utils.py. The function calls validators.ipv6(ip, private=True), but because...

CVSS 8.5 | AI score 5.8 | EPSS 0.00286
Exploits 1 | References 6
RedhatCVE
added 2026/05/13 8:22 p.m. | 14 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

CVSS 7.7 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 1
NVD
added 2026/05/12 6:17 p.m. | 39 views

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

CVSS 7.7 | EPSS 0.00369
Exploits 1 | References 1
Cvelist
added 2026/05/12 5:49 p.m. | 30 views

CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://::ffff:127.0.0.1/). The WHATWG URL parser bui...

CVSS 8.2 | EPSS 0.00226
Exploits 0 | References 1
Vulnrichment
added 2026/05/12 4:29 p.m. | 8 views

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

CVSS 8.2 | AI score 5.8 | EPSS 0.0023
Exploits 0 | References 3
Cvelist
added 2026/05/12 4:29 p.m. | 35 views

CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

CVSS 8.2 | EPSS 0.0023
Exploits 0 | References 3
CVE
added 2026/05/12 4:29 p.m. | 15 views

CVE-2026-43993

CVE-2026-43993: In JunoClaw's WAVS bridge, the function computeDataVerify fetched agent-supplied URLs without validating the URL scheme, port, or resolved IP, enabling an SSRF vulnerability. Affected version range is prior to 0.x.y-security-1. This could allow access to cloud-metadata and inter...

CVSS 8.2 | AI score 5.8 | EPSS 0.0023
Exploits 0 | References 3
GithubExploit
added 2026/05/12 4:36 a.m. | 122 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 — request-baskets SSRF Exploit I wrote this ex...

CVSS 6.5 | AI score 6.7 | EPSS 0.07497
Exploits 29
OSV
added 2026/05/11 6:31 p.m. | 5 views

GHSA-65H7-C7C4-MGHX MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The create_webhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the send_webhook_request function in mlflow/webhooks/delivery.py sends HTTP POST request...

CVSS 7.1 | AI score 6 | EPSS 0.00288
Exploits 1 | References 4
NVD
added 2026/05/11 6:16 p.m. | 19 views

CVE-2026-42858

Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get in...

CVSS 9.9 | EPSS 0.00374
Exploits 1 | References 3
NVD
added 2026/05/11 6:16 p.m. | 9 views

CVE-2026-2393

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The create_webhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the send_webhook_request function in mlflow/webhooks/delivery.py sends HTTP POST request...

CVSS 7.1 | EPSS 0.00288
Exploits 1 | References 2
Cvelist
added 2026/05/11 5:30 p.m. | 33 views

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get in...

CVSS 8.5 | EPSS 0.00374
Exploits 1 | References 3