Lucene search

17 matches found

NVD
added 2026/05/26 3:16 p.m. | 5 views

CVE-2026-45082

Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVSS 7.6 | EPSS 0.00041
Exploits: 0 | References: 1
CVE
added 2026/05/26 1:45 p.m. | 12 views

CVE-2026-45082

Karakeep (self-hostable bookmark-everything app) has an SSRF protection bypass in versions before 0.32.0. Attackers could abuse crafted HTTP redirects to cause authenticated users to trigger requests from vulnerable components to internally reachable Docker network services. Affected processing pa...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/26 1:45 p.m. | 5 views

CVE-2026-45082

Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/05/26 1:45 p.m. | 5 views

EUVD-2026-31826

Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
Cvelist
added 2026/05/26 1:45 p.m. | 34 views

CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling

Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVSS 7.6 | EPSS 0.00041
Exploits: 0 | References: 1
CNNVD
added 2026/05/26 12:0 a.m. | 4 views

karakeep security vulnerability

Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from an SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authenticated users could enabl...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/26 12:0 a.m. | 6 views

PT-2026-43257

Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...

CVSS 7.6 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/25 12:25 a.m. | 1 views

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...

CVSS 7.5 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 3
RedhatCVE
added 2025/09/30 8:56 p.m. | 5 views

CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 10 | AI score 7.1 | EPSS 0.00727
Exploits: 1 | References: 1
OSV
added 2025/09/29 9:15 p.m. | 0 views

CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 9.8 | AI score 5.7 | EPSS 0.00727
Exploits: 1 | References: 4
NVD
added 2025/09/29 9:15 p.m. | 3 views

CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 10 | EPSS 0.00727
Exploits: 1 | References: 4
ATTACKERKB
added 2025/09/29 8:43 p.m. | 0 views

CVE-2025-34221

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no...

CVSS 10 | AI score 6 | EPSS 0.03651
Exploits: 1 | References: 5
ATTACKERKB
added 2025/09/29 8:34 p.m. | 1 views

CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 10 | AI score 5.8 | EPSS 0.00727
Exploits: 1 | References: 5
Cvelist
added 2025/09/29 8:34 p.m. | 5 views

CVE-2025-34218 Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

CVSS 10 | EPSS 0.00727
Exploits: 1 | References: 4
CVE
added 2025/09/29 8:34 p.m. | 10 views

CVE-2025-34218

Vasion Print Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 expose internal Docker containers via the gw Docker instance. The gateway’s /meta endpoint lists micro‑services and versions, and the containers are reachable over HTTP/HTTPS without ACLs, authentication, or...

CVSS 10 | AI score 6.9 | EPSS 0.00727
Exploits: 1 | References: 4 | Affected Software: 2
Positive Technologies
added 2025/09/29 12:0 a.m. | 2 views

PT-2025-39884

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786. Description: The Vasion Print Virtual Appliance Host and Application expose interna...

CVSS 10 | AI score 6.9 | EPSS 0.00727
Exploits: 1 | References: 8
Hacker One
added 2018/06/15 2:58 p.m. | 24 views

Uber: [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth

Vulnerability description not provided...

AI score 7.1
Exploits: 0