Lucene search
+L

42 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50154

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description When opening a WebSocket connection, the runtime validates the destination hostname against --deny-net rules but fails to re-verify the IP addresses the hostname resolves to. This allows an...

5.2CVSS5.9AI score0.00101EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.14 views

CVE-2026-41272

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers secureAxiosRequest and secureFetch intended to prevent Server-Side Request Forgery SSRF contain multiple logic flaws. These flaws allow attackers to bypass the...

7.1CVSS7.1AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42595

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS5.5AI score0.00313EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 4:16 p.m.25 views

CVE-2026-42596

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS0.00352EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:33 p.m.43 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS0.00313EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:33 p.m.6 views

CVE-2026-42595

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS5.8AI score0.00313EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/14 3:33 p.m.4 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS6AI score0.00313EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/14 3:19 p.m.9 views

CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 3:19 p.m.4 views

CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS6AI score0.00352EPSS
Exploits1References3
CVE
CVE
added 2026/05/14 3:19 p.m.26 views

CVE-2026-42596

CVE-2026-42596 describes an unauthenticated SSRF vulnerability in Gotenberg’s default deny-list filtering for the downloadFrom and webhook features. The issue arises because the deny-lists are regex-based and case-sensitive, allowing attacker-controlled URLs (e.g., IPv4-mapped IPv6 loopback forms...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 1:51 p.m.16 views

Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the downloadFrom endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the webhook endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint...

8.6CVSS6AI score0.00313EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/07 2:20 a.m.11 views

CVE-2026-6249

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

8.8CVSS6.7AI score0.00624EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 1:15 a.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 1:15 a.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.11 views

CVE-2026-40280

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS5.7AI score0.00463EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:52 p.m.17 views

CVE-2026-40280 Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS5.7AI score0.00463EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/30 5:19 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...

9.3CVSS5.8AI score0.00463EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.16 views

PT-2026-37104

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.30.1 and earlier Description Gotenberg is an API-based document conversion tool. The default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression...

7.8CVSS5.8AI score0.00463EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:57 p.m.6 views

CVE-2026-6249

Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...

8.8CVSS6.7AI score0.00624EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/04 6:10 a.m.4 views

Server-side Request Forgery (SSRF)

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the file import process due to improper normalization of IPv4-mapped IPv6 addresses. An attacker can acce...

7.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Rows per page
Query Builder