Lucene search
K

102 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-49969

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

7.4CVSS0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-49969 Laravel-Mediable < 7.0.0 SSRF via RemoteUrlAdapter URL Handling

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

7.4CVSS0.00241EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago7 views

Malicious code in antsrcsrctest (npm)

The npm package antsrcsrctest masquerades as a "simple date formatting utility" index.js exports a harmless formatDate function that is never referenced by the malicious code but is a credential-harvesting and cloud-metadata-stealing reconnaissance tool. It declares a preinstall: node preinstall....

6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/07 8:16 p.m.6 views

CVE-2026-58468

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/07 7:27 p.m.5 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 7:27 p.m.30 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:45 a.m.3 views

PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...

4.8CVSS6.7AI score0.00691EPSS
Exploits1References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:9 a.m.7 views

Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/29 7:9 a.m.7 views

MAL-2026-6591 Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 4:7 p.m.29 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 11:55 p.m.11 views

MAL-2026-5535 Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 11:55 p.m.13 views

Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.11 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 4:16 p.m.11 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:16 p.m.44 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS0.00302EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47345

Name of the Vulnerable Software and Affected Versions STACKIT IaaS API affected versions not specified Description A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...

9.8CVSS5.2AI score0.00302EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 9:16 a.m.15 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 8:30 a.m.11 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS5.4AI score0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:30 a.m.11 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder