Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

EUVD
EUVDadded 2025/11/13 6:31 p.m.1 views

EUVD-2025-175319

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

6.5CVSS6.6AI score0.00231EPSS
Exploits1References3
OSV
OSVadded 2025/11/13 4:15 p.m.1 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

6.5CVSS5.9AI score
Exploits0References2
CVE
CVEadded 2025/11/13 12:0 a.m.5 views

CVE-2025-52186

Summary: CVE-2025-52186 affects Lichess Lila (before commit 11b4c0fb00f0ffd823246f839627005459c8f05c) with a Server-Side Request Forgery (SSRF) in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing a remote attacker to compel the ...

6.5CVSS6.7AI score0.00231EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2025/11/13 12:0 a.m.2 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

6.7AI score0.00231EPSS
Exploits1References2
Hacker One
Hacker Oneadded 2025/05/28 9:36 a.m.316 views

Lichess: Server-Side Request Forgery (SSRF) via Game Export API

The Lichess game export API was found to be vulnerable to Server-Side Request Forgery SSRF due to insufficient input validation of the "players" parameter. This allowed an attacker to make the Lichess server send arbitrary HTTP requests to external URLs, potentially exposing sensitive information...

7.1AI score
Exploits0
Rows per page
Query Builder