Lucene search
K

7 matches found

NVD
NVD
added 2026/04/10 8:16 p.m.5 views

CVE-2026-40168

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a...

8.2CVSS0.00371EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/03 9:51 p.m.2 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

5.4CVSS6AI score0.00246EPSS
Exploits1References2
NVD
NVD
added 2026/02/24 3:21 p.m.15 views

CVE-2026-27567

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

6.5CVSS0.00288EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/20 12:33 p.m.7 views

CVE-2026-1180

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS5.3AI score0.00363EPSS
Exploits0References3
CVE
CVE
added 2025/11/07 2:58 a.m.27 views

CVE-2025-64180

The vulnerability CVE-2025-64180 affects Manager-io/Manager Desktop and Server (versions 25.11.1.3085 and earlier). The issue stems from a TOCTOU race condition in the DNS validation mechanism, allowing an attacker to bypass network isolation and access internal resources, cloud metadata endpoint...

10CVSS6.3AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 3:6 p.m.18 views

CVE-2025-3522 Leak of hashed Window credentials via crafted attachment URL

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

0.0024EPSS
Exploits0References3
OSV
OSV
added 2020/12/16 1:15 a.m.2 views

UBUNTU-CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.7CVSS7AI score0.82238EPSS
Exploits4References7
Rows per page
Query Builder