Lucene search
K

9 matches found

NVD
NVD
added 2026/06/19 8:16 p.m.14 views

CVE-2026-49345

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 12:51 a.m.22 views

CVE-2026-33234

CVE-2026-33234 affects AutoGPT versions 0.1.0–0.6.51, where SendEmailBlock accepts user-provided smtp_server and smtp_port and passes them to Python’s smtplib.SMTP() without IP address validation. This bypasses hardened SSRF protections (validate_url_host and BLOCKED_IP_NETWORKS) used by other bl...

5CVSS5.9AI score0.00304EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/20 12:30 a.m.6 views

Server-side Request Forgery (SSRF)

Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...

8.1CVSS6.5AI score0.00534EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.4 views

GeoNode 代码问题漏洞

GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. A code issue vulnerability exists in GeoNode versions 3.2.0 through 4.1.2, which stems from a server request forgery SSRF vulnerability in the endpoint /proxy/?url=. An attacker cou...

7.5CVSS7.4AI score0.00638EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/06/22 4:15 p.m.6 views

CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...

5CVSS5.8AI score0.00785EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.20 views

Directus 代码问题漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery SSRF vulnerability in the media upload feature. An attacker could us...

5CVSS6.3AI score0.00785EPSS
Exploits1References3
Huntr
Huntr
added 2021/07/06 4:31 p.m.6 views

Server-Side Request Forgery (SSRF) in erudika/scoold

✍️ Description Possible SSRF in scoold in user profile picture from URL 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create an account and click on the image. 2. Now open the local server or enter any IP:port ex: http://127.0.0.1:8082 3. Now enter the URL and then view the image, you will see get...

0.5AI score
Exploits0
CNVD
CNVD
added 2018/03/05 12:0 a.m.19 views

Adminer Server-Side Request Forgery Vulnerability

Adminer is a full-featured database management tool written in PHP that supports database software such as MySQL, MariaDB, PostgreSQL and SQLite. A server-side request forgery vulnerability exists in Adminer 4.3.1 and earlier versions. An attacker can exploit this vulnerability with the help of t...

9.8CVSS7AI score0.04603EPSS
Exploits1References1
CNVD
CNVD
added 2017/10/09 12:0 a.m.5 views

Lansweeper XML External Entity Injection Vulnerability

Lansweeper is a network-assisted software that lists Windows hardware from Lansweeper Belgium. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...

9.9CVSS9.2AI score0.01987EPSS
Exploits2References1
Rows per page
Query Builder