Lucene search
K

91 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30637

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

6AI score0.00499EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32133

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References1
NVD
NVD
added 2026/03/10 10:16 p.m.7 views

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

8.8CVSS0.023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.6 views

CVE-2026-27796

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

7.5CVSS5.7AI score0.004EPSS
Exploits1References1
CVE
CVE
added 2026/03/07 5:54 a.m.15 views

CVE-2026-27796

Summary: Vulnerability in Homarr prior to v1.54.0 where the integration.all tRPC endpoint was exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations (internal URLs, names, service types). This information disclosure impact is stated as ...

7.5CVSS5.7AI score0.004EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/07 5:54 a.m.33 views

CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

5.3CVSS0.004EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/07 5:54 a.m.5 views

EUVD-2026-10114

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

5.3CVSS5.7AI score0.004EPSS
Exploits1References3
OSV
OSV
added 2026/03/07 5:54 a.m.4 views

CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

5.3CVSS5.7AI score0.004EPSS
Exploits1References5
OSV
OSV
added 2026/02/25 7:8 p.m.4 views

GHSA-3C45-4PJ5-CH7M changedetection.io is Vulnerable to SSRF via Watch URLs

Summary Changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...

8.6CVSS5.8AI score0.00445EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21762

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 22.0 Description AVideo is an open source video platform. The aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an...

8.6CVSS5.5AI score0.00235EPSS
Exploits0References10
NVD
NVD
added 2026/02/11 5:16 p.m.8 views

CVE-2026-25084

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...

9.8CVSS0.00732EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 4:11 p.m.4 views

CVE-2026-25084

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...

9.8CVSS5.4AI score0.00732EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.7 views

PT-2026-7621

Name of the Vulnerable Software and Affected Versions ZLAN5143D affected versions not specified Description Authentication for the device can be bypassed by directly accessing internal URLs. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS5.4AI score0.00732EPSS
Exploits0References10
NVD
NVD
added 2026/02/09 8:15 p.m.9 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

6.5CVSS0.00419EPSS
Exploits1References3
CVE
CVE
added 2026/02/09 7:33 p.m.16 views

CVE-2026-25492

Craft CMS versions 3.5.0–4.16.17 and 5.0.0-RC1–5.8.21 are affected. The save_images_Asset GraphQL mutation can be abused to fetch internal URLs by supplying a domain resolving to an internal IP, bypassing hostname validation. If a non-image file extension (e.g., .txt) is allowed, downstream image...

6.5CVSS5.5AI score0.00419EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/21 10:51 p.m.7 views

CVE-2026-24048

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

3.5CVSS5.5AI score0.00201EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/11/29 1:26 a.m.5 views

EUVD-2025-199888

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.2AI score0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/18 1:54 p.m.4 views

CVE-2025-12376 Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

The Icon List Block – Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fsapirequest function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

6.4CVSS5.4AI score0.00165EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 12:33 p.m.4 views

CVE-2025-11128

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzysanitizefeeds' function. This makes it possible for authenticated attackers...

5CVSS5.8AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/24 9:23 a.m.14 views

CVE-2025-12136 Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes ...

6.8CVSS0.00358EPSS
Exploits0References7
Rows per page
Query Builder