CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

ATTACKERKB•added 2026/04/20 1:55 p.m.•1 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS5.9AI score0.00034EPSS

Exploits0References4

RedhatCVE•added 2026/01/27 9:15 p.m.•4 views

CVE-2026-24117

A Server-Side Request Forgery SSRF flaw has been discovered in the Rekor transparency log tool. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can...

5.3CVSS5.7AI score0.00016EPSS

Exploits0References6

ATTACKERKB•added 2026/01/22 10:5 p.m.•2 views

CVE-2026-24117

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...

5.3CVSS5.5AI score0.00016EPSS

Exploits0References4Affected Software1

OSV•added 2026/01/13 6:47 p.m.•1 views

GHSA-59JP-PJ84-45MR Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

Security Disclosure: SSRF via MetaIssuer Regex Bypass Summary Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. T...

5.8CVSS7AI score0.00014EPSS

Exploits1References4

NVD•added 2026/01/12 9:15 p.m.•3 views

CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS0.00014EPSS

Exploits1References2

Vulnrichment•added 2026/01/12 8:58 p.m.•5 views

CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

5.8CVSS6.8AI score0.00014EPSS

Exploits1References2

NVD•added 2026/01/02 7:15 p.m.•1 views

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS0.0004EPSS

Exploits1References1

RedHat Linux•added 2025/11/19 8:16 a.m.•2 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS5.9AI score0.00087EPSS

Exploits0References5

Tenable Nessus•added 2025/11/12 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS...

8.6CVSS7.4AI score0.00087EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-9248

Malware in sbrugna...

8.7CVSS8.8AI score0.0014EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-1780

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00021EPSS

Exploits0References2

CVE•added 2025/09/15 6:6 a.m.•9 views

CVE-2025-10453

CVE-2025-10453 affects O’View MapServer by PilotGaea Technologies. The connected sources confirm a Server-Side Request Forgery (SSRF) vulnerability that can be exploited by unauthenticated remote attackers to probe internal networks. The root cause is SSRF within the MapServer component, enabling...

6.9CVSS6.8AI score0.00079EPSS

Exploits0References2

OSV•added 2025/05/06 4:44 p.m.•3 views

GHSA-JQX4-9GPQ-RPPM @misskey-dev/summaly allows IP Filter Bypass via Redirect

Summary Due to a validation error in got.scpaping, it is possible to use an HTTP redirect to avoid IP filtering. Details In got.scpaping, Summaly first makes a HTTP HEAD request to the page being summarized. It then preforms private IP address checks on the HEAD response, then makes an additional...

5.3CVSS6.4AI score

Exploits0References3

Positive Technologies•added 2025/01/20 12:0 a.m.•3 views

PT-2025-3975 · Aenrich Technology · A+Hrd

Name of the Vulnerable Software and Affected Versions: a+HRD from aEnrich Technology affected versions not specified Description: The issue is a Server-side Request Forgery, which allows unauthenticated remote attackers to exploit it and probe the internal network. Recommendations: At the moment,...

5.3CVSS7.1AI score0.00021EPSS

Exploits0References6

OSV•added 2021/03/30 8:8 p.m.•5 views

MGASA-2021-0163 Updated firefox packages fix security vulnerabilities

Texture upload into an unbound backing buffer resulted in an out-of-bound read. CVE-2021-23981 Angle graphics library out of date. CVE-2021-4127 Internal network hosts could have been probed by a malicious webpage. CVE-2021-23982 Malicious extensions could have spoofed popup information...

9.8CVSS8.9AI score0.00697EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by