Lucene search
K

22 matches found

NVD
NVD
‱added 4 days ago‱8 views

CVE-2026-55187

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
RedHat Linux
RedHat Linux
‱added 2026/07/02 12:3 a.m.‱6 views

Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery SSRF through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or...

8.6CVSS6AI score0.38811EPSS
Exploits9References5
NVD
NVD
‱added 2026/06/23 9:17 p.m.‱9 views

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...

5.1CVSS0.00288EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/23 7:42 p.m.‱15 views

CVE-2026-53930

The CVE describes a Server-Side Request Forgery in NocoDB via the base-migration endpoint. A caller-supplied migration URL could be dereferenced by the migration worker without enforcing protocol or destination, enabling scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. ...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References1
CVE
CVE
‱added 2026/06/10 5:16 p.m.‱61 views

CVE-2026-20252

Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...

7.6CVSS5.6AI score0.00255EPSS
Exploits0References1Affected Software1
CVE
CVE
‱added 2026/05/27 5:1 p.m.‱21 views

CVE-2026-48128

Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...

5.1CVSS6AI score0.00329EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
‱added 2026/05/20 1:25 a.m.‱11 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References8
Github Security Blog
Github Security Blog
‱added 2026/04/10 12:30 a.m.‱6 views

Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...

5.7AI score
Exploits0References5Affected Software1
NVD
NVD
‱added 2026/04/09 10:16 p.m.‱8 views

CVE-2026-35629

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

7.4CVSS0.00244EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
‱added 2026/04/09 9:27 p.m.‱2 views

CVE-2026-35629

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

7.4CVSS5.9AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
‱added 2026/04/09 9:27 p.m.‱24 views

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

7.4CVSS0.00244EPSS
Exploits0References3
CVE
CVE
‱added 2026/04/09 9:27 p.m.‱12 views

CVE-2026-35629

CVE-2026-35629 affects OpenClaw before version 2026.3.25. The issue is SSRF via unguarded configured base URLs in multiple channel extensions, where unprotected fetch() calls can rebinding requests to blocked internal destinations and access restricted resources. Impact per sources is limited to ...

7.4CVSS5.9AI score0.00244EPSS
Exploits0References3Affected Software1
OSV
OSV
‱added 2026/03/27 6:31 a.m.‱3 views

GHSA-MHRG-94VW-45C5 Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References6
OSV
OSV
‱added 2026/03/23 8:36 p.m.‱4 views

GHSA-JH46-85JR-6PH9 Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Security Advisory — Page Management Plugin SSRF Summary A Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the...

6.8CVSS5.8AI score0.00347EPSS
Exploits0References7
SUSE CVE
SUSE CVE
‱added 2026/03/04 12:26 a.m.‱3 views

SUSE CVE-2026-26957

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application. Configuring outbound...

5.5AI score0.00061EPSS
Exploits0References3
NVD
NVD
‱added 2026/02/20 12:16 a.m.‱6 views

CVE-2026-26957

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application...

0.00061EPSS
Exploits0
Vulnrichment
Vulnrichment
‱added 2026/02/19 11:30 p.m.‱3 views

CVE-2026-26957

...

5.4AI score0.00061EPSS
Exploits0
ATTACKERKB
ATTACKERKB
‱added 2026/02/19 11:30 p.m.‱4 views

CVE-2026-26957

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

6.9CVSS5.8AI score0.00061EPSS
Exploits0References3Affected Software1
OSV
OSV
‱added 2026/02/19 11:30 p.m.‱8 views

CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

6.9CVSS5.7AI score0.00061EPSS
Exploits0References4
CVE
CVE
‱added 2026/02/19 11:30 p.m.‱12 views

CVE-2026-26957

CVE-2026-26957 is rejected and does not represent an active vulnerability entry.

5.8AI score0.00061EPSS
Exploits0
Rows per page
Query Builder