5 matches found

Github Security Blog
added 2026/05/14 8:27 p.m., 14 views

Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

Summary: In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details: In the current project, URL validation is performed using the function `validate_url`. The current checking logic uses urlparse to parse the hostname part ...

8.5 CVSS, 5.9 AI score, 0.00292 EPSS
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2026/04/13 8:16 p.m., 11 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3 CVSS, 0.01978 EPSS
Exploits: 5, References: 2
Vulnrichment
added 2026/04/13 7:20 p.m., 4 views

CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3 CVSS, 6.5 AI score, 0.01978 EPSS
Exploits: 5, References: 2
CVE
added 2026/04/13 7:20 p.m., 21 views

CVE-2026-33534

EspoCRM

4.3 CVSS, 5.8 AI score, 0.01978 EPSS
Exploits: 5, References: 2, Affected Software: 1
Cvelist
added 2026/04/13 7:20 p.m., 30 views

CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3 CVSS, 0.01978 EPSS
Exploits: 5, References: 2