Lucene search
K

139 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43178

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS6.1AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55671 ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS0.00252EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42896

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhookurl parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a...

7.2CVSS6.1AI score0.0018EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 6 days ago8 views

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Summary Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port TCP 24282, hardcoded as 0x5EDA in constants.py. The server has no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added last week30 views

CVE-2026-49471 Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS5.8AI score0.0014EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:44 p.m.8 views

CVE-2026-54353

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52069

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...

4CVSS5.8AI score0.0014EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/22 11:39 p.m.10 views

@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation

Summary Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through...

8.5CVSS5.9AI score0.00202EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/17 11:29 p.m.28 views

CVE-2026-48764

TypeBot suffers an SSRF in HTTP request and script fetch flows prior to version 3.17.2. The root cause is a time‑of‑check/time‑of‑use gap: the hostname is validated once against a forbidden range, but the subsequent request resolves the hostname again and may connect to a different IP, enabling D...

8.2CVSS5.4AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 7:18 p.m.15 views

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS0.006EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/13 8:38 a.m.11 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/13 8:38 a.m.30 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

9.4CVSS0.00153EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 7:17 p.m.28 views

CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS0.00265EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 7:17 p.m.23 views

CVE-2026-53782

CVE-2026-53782 affects Summarize

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41272

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers secureAxiosRequest and secureFetch intended to prevent Server-Side Request Forgery SSRF contain multiple logic flaws. These flaws allow attackers to bypass the...

7.1CVSS7.1AI score0.00232EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.16 views

CVE-2026-36604

Mercusys AC12G (EU) V1 router vulnerable to DNS rebinding due to HTTP Host header validation failure in firmware AC12G(EU)_V1_200909. An external attacker could rebound a domain to the router’s internal IP, taking advantage of an existing CORS wildcard weakness (Access-Control-Allow-Origin: *). C...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of using the $resolvedIP output parameter from functions like EpgParser.php and...

6.5CVSS5.9AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 8:22 p.m.36 views

CVE-2026-42336 MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS0.00187EPSS
Exploits0References1
Rows per page
Query Builder