Lucene search
K

315 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS0.00386EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.37 views

CVE-2026-11397 WP Import Export Lite <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery via 'file_url' Parameter

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/22 12:31 a.m.9 views

EUVD-2026-38199

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References6
NVD
NVD
added 2026/06/21 11:16 p.m.11 views

CVE-2026-12813

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

6.5CVSS0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 10:30 p.m.5 views

CVE-2026-12813

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 10:30 p.m.11 views

CVE-2026-12813

Affected software: activepieces (

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 10:30 p.m.28 views

CVE-2026-12813 activepieces File URL file.ts handleUrlFile server-side request forgery

A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...

6.5CVSS0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-4328

The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wpremoteget to fetch a user-supplied URL without validating that the URL does not point to internal or private network resources in th...

6.4CVSS0.00208EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:36 p.m.11 views

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score0.00051EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2026-34037

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...

6.5CVSS5.4AI score0.00227EPSS
Exploits0References9
NVD
NVD
added 2026/06/02 11:16 p.m.16 views

CVE-2026-10662

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...

6.5CVSS0.00227EPSS
Exploits0References8
CVE
CVE
added 2026/06/02 10:0 p.m.23 views

CVE-2026-10662

The CVE concerns ahujasid blender-mcp (up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b) and targets the ZIP File Handler’s server.py, specifically the requests.get usage. Flaw: manipulation of the argument zip_file_url enables server-side request forgery (SSRF). Impact is described as remot...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.20 views

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
NVD
NVD
added 2026/05/26 4:16 p.m.15 views

CVE-2026-43936

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 2:51 p.m.10 views

EUVD-2026-31847

e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/21 9:35 p.m.15 views

Server-side Request Forgery (SSRF)

Overview pydantic-ai-slim is an Agent Framework / shim to use Pydantic with LLMs, slim package Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via incomplete blocklist in isprivateip function when forcedownload='allow-local' is enabled. An attacker can access...

8.6CVSS6.6AI score0.00579EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38387

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Anonymous callers can access the '/forms/chromium/convert/url' and '/forms/chromium/screenshot/url' endpoints using the url parameter with the file:///tmp/ scheme. While a deny-list exists to...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References6
Rows per page
Query Builder