9 matches found
CVE-2026-49345
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...
CVE-2026-33234
CVE-2026-33234 affects AutoGPT versions 0.1.0–0.6.51, where SendEmailBlock accepts user-provided smtp_server and smtp_port and passes them to Python’s smtplib.SMTP() without IP address validation. This bypasses hardened SSRF protections (validate_url_host and BLOCKED_IP_NETWORKS) used by other bl...
Server-side Request Forgery (SSRF)
Overview ragas is an Evaluation framework for RAG and LLM applications Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of URLs in the retrievedcontexts parameter when processing multimodal inputs. An attacker can access arbitrary files,...
GeoNode 代码问题漏洞
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. A code issue vulnerability exists in GeoNode versions 3.2.0 through 4.1.2, which stems from a server request forgery SSRF vulnerability in the endpoint /proxy/?url=. An attacker cou...
CVE-2022-23080
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...
Directus 代码问题漏洞
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery SSRF vulnerability in the media upload feature. An attacker could us...
Server-Side Request Forgery (SSRF) in erudika/scoold
✍️ Description Possible SSRF in scoold in user profile picture from URL 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create an account and click on the image. 2. Now open the local server or enter any IP:port ex: http://127.0.0.1:8082 3. Now enter the URL and then view the image, you will see get...
Adminer Server-Side Request Forgery Vulnerability
Adminer is a full-featured database management tool written in PHP that supports database software such as MySQL, MariaDB, PostgreSQL and SQLite. A server-side request forgery vulnerability exists in Adminer 4.3.1 and earlier versions. An attacker can exploit this vulnerability with the help of t...
Lansweeper XML External Entity Injection Vulnerability
Lansweeper is a network-assisted software that lists Windows hardware from Lansweeper Belgium. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...