Lucene search
K

1761 matches found

EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added 8 hours ago17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago39 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.2AI score0.53372EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago22 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.3AI score0.01049EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago64 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.7AI score0.01784EPSS
Exploits1References2
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
Snyk
Snyk
added 6 days ago5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56236

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.1.21 Description A server-side request forgery SSRF issue exists in the serverRequest wrapper. This allows authenticated administrators to execute arbitrary outbound HTTP requests by providing malicious URLs to...

5.5CVSS6.3AI score0.002EPSS
Exploits0References8
OSV
OSV
added last week5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/07/03 2:25 a.m.10 views

CVE-2026-54430

A flaw was found in liboauth2 in the oauth2josejwksawsalbresolve function. The AWS ALB JWT verifier reads the signer and kid fields from the unverified JWT header. When signer matches the configured ARN, kid is appended to the ALB base URL without path sanitization, and an HTTP GET request is...

5.8CVSS5.8AI score0.00121EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 7:43 p.m.37 views

CVE-2026-59101 AutoBangumi < 3.2.8 - SSRF via /api/v1/setup/test-downloader

AutoBangumi before 3.2.8 contains a server-side request forgery SSRF vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

6.9CVSS0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:43 p.m.8 views

CVE-2026-59101

AutoBangumi before 3.2.8 contains a server-side request forgery SSRF vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

6.9CVSS6AI score0.00321EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/01 6:16 p.m.4 views

Server-side Request Forgery (SSRF)

Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...

7.4CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-55208

Name of the Vulnerable Software and Affected Versions oras.land/oras-go/v2 versions prior to v2.6.1 Description The auth.Client in oras-go follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. This can be abused by a malicious or...

2.1CVSS5.9AI score
Exploits0References13
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53945 Ghost: Server-side request forgery via DNS rebinding in external request handling

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. Th...

4CVSS5.8AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.12 views

CVE-2026-56285

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:13 p.m.6 views

EUVD-2026-40154

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:13 p.m.13 views

CVE-2026-56285

Nitter is affected by a Server-Side Request Forgery in the /video media proxy endpoint. The vulnerability arises because the endpoint does not validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, enabling unauthenticated attackers to compute valid HMACs for arbitr...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6AI score0.00397EPSS
Exploits1References6
Rows per page
Query Builder