CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101 matches found

Snyk•added 2026/03/31 4:51 p.m.•0 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fal image download process. An attacker can access internal service metadata and responses by sending crafted requests that trigger the image...

8.3CVSS6AI score0.00054EPSS

Exploits0References2

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29266

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description A server-side request forgery condition exists in the fal provider image-generation-provider.ts component. This allows attackers to retrieve internal URLs. A compromised or malicious fal relay c...

8.3CVSS5.9AI score0.00054EPSS

Exploits0References11

Positive Technologies•added 2026/03/27 12:0 a.m.•1 views

PT-2026-28416

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5CVSS6AI score0.00232EPSS

Exploits1References2

RedhatCVE•added 2026/02/12 7:28 p.m.•2 views

CVE-2026-25084

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...

9.8CVSS5.4AI score0.00134EPSS

Exploits0References1

Cvelist•added 2026/02/11 4:11 p.m.•19 views

CVE-2026-25084 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs...

9.8CVSS0.00134EPSS

Exploits0References3

GithubExploit•added 2025/11/22 11:19 a.m.•121 views

WEB-APPLICATION-VULNERABILITY-SCANNER

WEB-APPLICATION-VULNERABILITY-SCANNER COMPANY: CODTECH IT S...

7AI score

Exploits0

Vulnrichment•added 2025/10/29 12:0 a.m.•3 views

CVE-2025-60898

An unauthenticated server-side request forgery SSRF vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...

6.6AI score0.00053EPSS

Exploits0References2

OSSF Malicious Packages•added 2025/10/23 4:19 p.m.•2 views

Malicious code in internal-links-autocomplete-id (npm)

The package communicates with a domain associated with malicious activity...

7AI score

Exploits0

OSV•added 2025/10/23 4:19 p.m.•5 views

MAL-2025-48693 Malicious code in internal-links-autocomplete-id (npm)

The package communicates with a domain associated with malicious activity...

7AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-4464

Malware in sbrugna...

4.3CVSS6.4AI score0.00174EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-7261

Malware in sbrugna...

6.1CVSS6.6AI score0.00221EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-30309