Lucene search
K

390 matches found

Nuclei
Nuclei
added yesterday23 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.3AI score0.01049EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Cvelist
Cvelist
added last week29 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 8:32 p.m.5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
Snyk
Snyk
added 2026/07/01 6:16 p.m.4 views

Server-side Request Forgery (SSRF)

Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...

7.4CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-55208

Name of the Vulnerable Software and Affected Versions oras.land/oras-go/v2 versions prior to v2.6.1 Description The auth.Client in oras-go follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. This can be abused by a malicious or...

2.1CVSS5.9AI score
Exploits0References13
NVD
NVD
added 2026/06/29 6:16 p.m.12 views

CVE-2026-56285

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS0.0036EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:13 p.m.14 views

CVE-2026-56285

Nitter is affected by a Server-Side Request Forgery in the /video media proxy endpoint. The vulnerability arises because the endpoint does not validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, enabling unauthenticated attackers to compute valid HMACs for arbitr...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:13 p.m.7 views

EUVD-2026-40154

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbitrary URLs. Attackers can retrieve HTTP responses from any host reachable by the server, including...

8.6CVSS5.9AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6AI score0.00397EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-28385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with t...

5CVSS6AI score0.0017EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.0017EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 4:4 p.m.34 views

CVE-2026-56663 AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:4 p.m.9 views

CVE-2026-56663

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56779

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS0.00171EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/24 6:9 p.m.25 views

CVE-2026-53945

CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...

4CVSS5.9AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:8 p.m.28 views

CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 4:42 p.m.2 views

CVE-2026-54018 Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only ...

7.7CVSS6AI score0.00287EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.6 views

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References3
Rows per page
Query Builder