Lucene search
K

15505 matches found

NVD
NVD
added 1 hour ago5 views

CVE-2026-54562

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS
Exploits0References3
CVE
CVE
added 1 hour ago4 views

CVE-2026-45806

Penpot before 2.15.0 vulnerable to authenticated SSRF in remote image import. The flow passes a user-controlled URL from frontend to the backend RPC method create-file-media-object-from-url, where media/download-image uses a shared HTTP client without destination filtering, allowing an authentica...

7.7CVSS6.2AI score0.00032EPSS
Exploits1References2
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-54562 Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read imported responses

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS
Exploits0References3
CVE
CVE
added 2 hours ago7 views

CVE-2026-54562

Cloudreve CVE-2026-54562 affects the self-hosted file management system. Prior to version 4.16.1, the remote download workflow at POST /api/v4/workflow/download passes user-supplied URLs to the downloader without blocking loopback/localhost/IPv6 localhost or redirect-to-loopback targets. This all...

6.5CVSS6.2AI score
Exploits0References3
CVE
CVE
added 2 hours ago7 views

CVE-2026-61646

FastGPT before 4.15.0-beta5 has an SSRF flaw in its shared guard: it validates only the initial request URL and then passes the request to axios, which follows redirects. An authenticated workflow user can configure an HTTP request node to reach attacker-controlled public URLs that redirect to in...

6.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-61430 PraisonAI before 1.6.78 DNS Rebinding SSRF via web_crawl

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS
Exploits0References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44639

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 9 hours ago10 views

CVE-2026-15583 SSRF (confused deputy) in Grafana MCP Server via X-Grafana-URL header

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS
Exploits0References1
CVE
CVE
added 9 hours ago16 views

CVE-2026-15583

Grafana MCP Server is affected by CVE-2026-15583, a confusion-deputy vulnerability that allows an unauthenticated remote attacker to exfiltrate the server’s Grafana service-account token and perform SSRF via a crafted X-Grafana-URL header. The flaw enables targeting internal services, including c...

8.6CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-44597

A confused-deputy flaw in Grafana MCP Server allows an unauthenticated remote attacker to exfiltrate the server's environment-configured Grafana service-account token by supplying a crafted X-Grafana-URL request header. This also enables SSRF against arbitrary internal services, including cloud...

8.6CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago54 views

EspoCRM <= 9.3.3 - Server-Side Request Forgery

EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...

4.3CVSS6.1AI score0.01978EPSS
Exploits5References2
Nuclei
Nuclei
added 12 hours ago39 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.2AI score0.53372EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago41 views

SillyTavern - Server-Side Request Forgery

SillyTavern versions up to and including 1.17.0 expose the /api/search/searxng endpoint, which accepts an attacker-controlled baseUrl parameter and uses it directly to build outbound server-side fetch requests. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP...

8.5CVSS6.1AI score0.00866EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago16 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.2AI score0.01623EPSS
Exploits1References4
Nuclei
Nuclei
added 12 hours ago65 views

Mailpit < 1.28.3 - Server-Side Request Forgery

Mailpit = 1.28.0 contains a server-side request forgery caused by insufficient validation of internal IP addresses in the /proxy endpoint, letting attackers make requests to internal network resources, exploit requires crafted HTTP GET requests. id: CVE-2026-21859 info: name: Mailpit 1.28.3 -...

5.8CVSS6.2AI score0.00755EPSS
Exploits2References2
Nuclei
Nuclei
added 12 hours ago28 views

WordPress <= 6.2 - Server Side Request Forgery

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...

5.9CVSS6.4AI score0.0315EPSS
Exploits5References2
Nuclei
Nuclei
added 12 hours ago23 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.3AI score0.01049EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago106 views

XStream <1.4.15 - Server-Side Request Forgery

XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References5
Rows per page
Query Builder