Lucene search

87 matches found

NVD
added 2026/06/19 8:16 p.m. | 13 views

CVE-2026-49345

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

CVSS 5.3 | EPSS 0.0054
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the internal port memory leak. The flow rule can be split, and additional postact rules are added to the postact table. It’s possible to trigger a memory leak when the rule forwards packets from an internal port...

AI score 6.2 | EPSS 0.00159
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/11 12:0 a.m. | 13 views

PT-2026-48709

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

CVSS 7.7 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/05 7:31 p.m. | 9 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

CVSS 5 | AI score 5.6 | EPSS 0.00304
Exploits: 0 | References: 1
CVE
added 2026/05/19 12:51 a.m. | 20 views

CVE-2026-33234

CVE-2026-33234 affects AutoGPT versions 0.1.0–0.6.51, where SendEmailBlock accepts user-provided smtp_server and smtp_port and passes them to Python’s smtplib.SMTP() without IP address validation. This bypasses hardened SSRF protections (validate_url_host and BLOCKED_IP_NETWORKS) used by other bl...

CVSS 5 | AI score 5.9 | EPSS 0.00304
Exploits: 0 | References: 2
NVD
added 2026/04/21 5:16 p.m. | 8 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

CVSS 4.1 | EPSS 0.00291
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/21 4:4 p.m. | 6 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

CVSS 4.1 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/04/21 4:4 p.m. | 11 views

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...

CVSS 4.1 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 3
EUVD
added 2026/04/21 4:4 p.m. | 6 views

EUVD-2026-24167

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

CVSS 4.1 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/21 12:0 a.m. | 12 views

PT-2026-34010

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetch test line 731, send test line 682, and imap...

CVSS 4.1 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4
Snyk
added 2026/04/20 12:30 a.m. | 6 views

Server-side Request Forgery (SSRF)

Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...

CVSS 8.1 | AI score 6.5 | EPSS 0.00534
Exploits: 1 | References: 2
NVD
added 2026/04/15 10:17 p.m. | 6 views

CVE-2026-40500

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

CVSS 6.8 | EPSS 0.00385
Exploits: 0 | References: 3
NVD
added 2026/04/10 6:16 p.m. | 2 views

CVE-2026-31941

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery SSRF vulnerability in the Social Wall feature. The endpoint readurlwithopengraph accepts a URL from the user via the socialwallnewmsgmain POST parameter and performs tw...

CVSS 7.7 | EPSS 0.00231
Exploits: 0 | References: 3
CVE
added 2026/02/19 12:0 a.m. | 10 views

CVE-2025-55853

SoftVision webPDF (before 10.0.2) is affected by a Server-Side Request Forgery (SSRF) in its PDF converter: uploaded XML/HTML can trigger rendering that accesses internal or external resources (http://, file://), enabling internal port scanning and Local File Inclusion (LFI). Multiple sources (NV...

CVSS 9.1 | AI score 5.6 | EPSS 0.00373
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/19 12:0 a.m. | 25 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

EPSS 0.00373
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/17 1:18 p.m. | 7 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

CVSS 7.5 | AI score 6.9 | EPSS 0.00373
Exploits: 0 | References: 1
NVD
added 2026/01/16 1:16 p.m. | 5 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

CVSS 7.5 | EPSS 0.00373
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/16 12:46 p.m. | 6 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

CVSS 7.5 | AI score 5.7 | EPSS 0.00373
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/16 12:46 p.m. | 3 views

CVE-2026-0613

The Librarian contains an internal port scanning vulnerability, facilitated by the webfetch tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and services, enabling scanning of the Hertzner cloud environment that TheLibrarian uses. The vendor has...

AI score 6.5 | EPSS 0.00373
Exploits: 0 | References: 2
CVE
added 2026/01/16 12:46 p.m. | 14 views

CVE-2026-0613

The Librarian (TheLibrarian.io) has an internal port-scanning vulnerability via the web_fetch tool that can be used for SSRF-like GET requests to internal IPs/services, enabling probing of the Hertzner cloud environment. The issue is tied to CVE-2026-0613; vendor remediation states the vulnerabil...

CVSS 7.5 | AI score 6.5 | EPSS 0.00373
Exploits: 0 | References: 2 | Affected Software: 1