Lucene search
K

355 matches found

OSV
OSV
added 2026/04/16 12:54 a.m.22 views

GHSA-GMWR-9J4P-96VM ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/13 8:32 p.m.5 views

CVE-2026-33659

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.4AI score0.00333EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/10 4:39 p.m.25 views

CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

5.3CVSS0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/10 4:39 p.m.4 views

CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.4 views

CVE-2026-33752

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/03 9:36 p.m.11 views

curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass)

Summary curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curlcffi’s TLS impersonation...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.8 views

CVE-2025-55276

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout...

5.3CVSS5.9AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 8:4 p.m.29 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

2.3CVSS0.00217EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:4 p.m.6 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check line 86-89 only activates when the hostname is an IP address. When a domain name is used, filtervar$host,...

2.3CVSS5.8AI score0.00217EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 8:4 p.m.17 views

CVE-2026-33644

CVE-2026-33644 describes an SSRF bypass in Lychee prior to 7.5.2. The issue lies in the PhotoUrlRule.php validation: the IP address check (lines 86–89) activates only when the hostname is an IP, so domain names resolve to internal IPs and bypass the check, enabling potential SSRF. A patch is avai...

4.3CVSS5.8AI score0.00217EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 12:46 p.m.1 views

CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout...

3.1CVSS5.8AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 6:16 p.m.19 views

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS0.00282EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/03/24 5:43 p.m.22 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS0.00282EPSS
Exploits3References2
OSV
OSV
added 2026/03/24 5:43 p.m.5 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS5.8AI score0.00282EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/03/24 5:43 p.m.5 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS7.2AI score0.00497EPSS
Exploits3References2
EUVD
EUVD
added 2026/03/24 5:43 p.m.3 views

EUVD-2026-14945

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

8.8CVSS7.2AI score0.00497EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:43 p.m.5 views

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

8.8CVSS7.2AI score0.00497EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.17 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 had code vulnerabilities. These vulnerabilities stemmed from incomplete SSRF protections, and the save endpoint did not apply the validatewebhookurlforssrf protection. This allowe...

7.7CVSS7.4AI score0.00282EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27468

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validate webhook url for ssrf protection was added to the test notification endpoints but not to the...

7.7CVSS5.7AI score0.00282EPSS
Exploits3References6
Vulnrichment
Vulnrichment
added 2026/03/02 4:28 p.m.4 views

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

7.1CVSS5.9AI score0.00238EPSS
Exploits1References1
Rows per page
Query Builder