Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/07/08 7:31 p.m.35 views

CVE-2026-58501 Zeep SSRF because Settings.forbid_external is not enforced

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43986

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public /image/ route that resolves attacker-controlled entries from imagehashlookup and replays them through the same server-side image fetch logic used by authenticated image proxying...

9.9CVSS5.6AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 3:20 p.m.3 views

CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS6AI score0.00245EPSS
Exploits1References3
OSV
OSV
added 2018/09/05 9:29 p.m.6 views

CVE-2018-16307

An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name containing a random string is used...

7.5CVSS5.9AI score0.01967EPSS
Exploits3References1
Rows per page
Query Builder