Lucene search
K

1790 matches found

Nuclei
Nuclei
added yesterday39 views

GitLab CI Lint API - Server-Side Request Forgery

GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers exploit the server for arbitrary requests, exploit requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...

9.8CVSS7.2AI score0.53372EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.3AI score0.01049EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday65 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.7AI score0.01784EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-14645 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via Webhook: Global Capability

Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...

5.1CVSS0.00397EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-14645

CVE-2026-14645 : Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the Webhook: Global capability. The product does not validate the destination URL of the configured Webhook: Global before making an outbound HTTP request, enabling a user with the Capability Administratio...

5.1CVSS6.1AI score0.00397EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-52840

Affected software: Easy!Appointments (self-hosted) prior to 1.6.0. Vulnerability: Server-Side Request Forgery (SSRF) in the CalDAV connection test. In Caldav::connect_to_server (application/controllers/Caldav.php:60), the request’s caldav_url is handed to a Guzzle REPORT call without proper schem...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS0.00186EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-52840 Easy!Appointments has server-side request forgery in CalDAV connection test that exposes the deployment's internal network

Easy!Appointments is a self hosted appointment scheduler. In versions prior to 1.6.0, Caldav::connecttoserver at application/controllers/Caldav.php:60 hands the request's caldavurl to a Guzzle REPORT call without scheme or host validation. A logged-in backend user admin, provider, or secretary...

2.7CVSS6.2AI score0.00186EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago17 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery SSRF vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

8.8CVSS6.3AI score0.3436EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-60102

Name of the Vulnerable Software and Affected Versions Anyquery affected versions not specified Description When operating in server mode, the software does not restrict outbound HTTP requests initiated by built-in SQLite virtual table modules, such as json reader and log reader. Unauthenticated...

8.6CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57680

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS6.1AI score0.00502EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/07 7:27 p.m.5 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 7:27 p.m.30 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56236

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.1.21 Description A server-side request forgery SSRF issue exists in the serverRequest wrapper. This allows authenticated administrators to execute arbitrary outbound HTTP requests by providing malicious URLs to...

5.5CVSS6.3AI score0.002EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 8:32 p.m.5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/07/03 2:25 a.m.11 views

CVE-2026-54430

A flaw was found in liboauth2 in the oauth2josejwksawsalbresolve function. The AWS ALB JWT verifier reads the signer and kid fields from the unverified JWT header. When signer matches the configured ARN, kid is appended to the ALB base URL without path sanitization, and an HTTP GET request is...

5.8CVSS5.8AI score0.00121EPSS
Exploits0References6
Rows per page
Query Builder