Lucene search

8 matches found

ATTACKERKB
added 2026/05/20 1:25 a.m. | 7 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4 CVSS | 5.9 AI score | 0.001 EPSS
Exploits: 0 | References: 8
NVD
added 2026/05/13 6:16 p.m. | 6 views

CVE-2026-44578

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the serve...

8.6 CVSS | 0.0581 EPSS
Exploits: 7 | References: 1
Cvelist
added 2026/04/09 9:18 p.m. | 15 views

CVE-2026-40114 PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

7.2 CVSS | 0.00063 EPSS
Exploits: 1 | References: 1
OSV
added 2026/03/27 6:31 a.m. | 2 views

GHSA-MHRG-94VW-45C5 Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6 CVSS | 5.9 AI score | 0.00081 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/19 6:38 p.m. | 1 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

5.3 CVSS | 5.9 AI score | 0.00063 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 1 views

PT-2026-20913

Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.4.9. Description: SPIP versions before 4.4.9 contain a Blind Server-Side Request Forgery (SSRF) issue related to syndicated sites within the private area. The application does not validate the syndication URL when editing ...

5.3 CVSS | 5.5 AI score | 0.00063 EPSS
Exploits: 0 | References: 8
Veracode
added 2025/12/13 4:20 a.m. | 2 views

Open Redirect

Liferay Portal is vulnerable to Open Redirect. The vulnerability is due to improper validation of the comliferaylayoutadminwebportletGroupPagesPortletredirect parameter in the page administration module, which allows an attacker to redirect users to arbitrary external URLs...

6.9 CVSS | 5.9 AI score | 0.0004 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2021/08/03 12:0 a.m. | 1 views

Liferay Portal and Liferay DXP Input Validation Error Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

6.1 CVSS | 5.7 AI score | 0.00356 EPSS
Exploits: 0 | References: 2