CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9840 matches found

NVD•added 2026/03/07 4:15 a.m.•3 views

CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive UR...

7.5CVSS0.00027EPSS

Exploits1References1

ATTACKERKB•added 2026/03/07 3:33 a.m.•4 views

CVE-2026-30247

5.9CVSS5.7AI score0.00027EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/07 3:33 a.m.•10 views

CVE-2026-30247

WeKnora (LLM-powered document framework) prior to version 0.2.12 is vulnerable to SSRF via HTTP redirects during the Import document via URL flow. Backend URL validation blocks private IPs, loopback, reserved hostnames, and cloud metadata, but redirect targets are not validated, enabling bypass t...

7.5CVSS5.7AI score0.00027EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/07 3:33 a.m.•2 views

CVE-2026-30247 WeKnora: SSRF via Redirection

5.9CVSS5.7AI score0.00027EPSS

Exploits1References3

Vulnrichment•added 2026/03/07 3:33 a.m.•3 views

CVE-2026-30247 WeKnora: SSRF via Redirection

5.9CVSS5.7AI score0.00027EPSS

Exploits1References1

Cvelist•added 2026/03/07 3:33 a.m.•26 views

CVE-2026-30247 WeKnora: SSRF via Redirection

5.9CVSS0.00027EPSS

Exploits1References1

RedhatCVE•added 2026/03/07 1:44 a.m.•2 views

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

8.6CVSS5.9AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2026/03/07 1:44 a.m.•2 views

CVE-2026-28450

OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...

8.3CVSS5.8AI score0.00124EPSS

Exploits0References1

SUSE CVE•added 2026/03/07 12:26 a.m.•1 views

SUSE CVE-2026-23925

An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1CVSS5.8AI score0.00015EPSS

Exploits0References3

CNNVD•added 2026/03/07 12:0 a.m.•2 views

WeKnora 代码问题漏洞

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of WeKnora prior to 0.2.12 contained code vulnerabilities. These vulnerabilities stemmed from a server-sid...

7.5CVSS7.4AI score0.00027EPSS

Exploits1References2

OSV•added 2026/03/06 10:16 p.m.•2 views

GHSA-3FVX-XRXQ-8JVV soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import

While auditing the codebase in the wake of the webhook SSRF fix shipped in v0.11.1 GHSA-vwq2-jx9q-9h9f, it was identified that the LFS import path was never given the same treatment. The webhook fix introduced dual-layer SSRF protection — ValidateWebhookURL at creation time and secureHTTPClient...

9.1CVSS6AI score0.00024EPSS

Exploits1References5

Github Security Blog•added 2026/03/06 10:16 p.m.•6 views

soft-serve vulnerable to SSRF via unvalidated LFS endpoint in repo import

9.1CVSS6AI score0.00024EPSS

Exploits1References5Affected Software1

Snyk•added 2026/03/06 10:16 p.m.•3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the --lfs-endpoint parameter during repository import. An attacker can cause the server to send HTTP requests to internal or private IP addresses, potentially accessing sensitive internal services or...

9.1CVSS5.8AI score0.00024EPSS

Exploits1References2

NVD•added 2026/03/06 8:16 p.m.•3 views

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS0.0004EPSS

Exploits0References3

RedhatCVE•added 2026/03/06 7:45 p.m.•4 views

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

8.7CVSS5.8AI score0.00024EPSS

Exploits1References1

RedhatCVE•added 2026/03/06 7:45 p.m.•5 views

CVE-2026-30797

Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, config import modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

9.3CVSS5.8AI score0.00064EPSS

Exploits1References1