Lucene search
K

51 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago8 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References13
NVD
NVD
added last week8 views

CVE-2026-58404

Hugo is a static site generator. From v0.162.0 through v0.163.0, the default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals, but the deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses, including...

6.8CVSS0.00208EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 2:19 p.m.24 views

CVE-2026-55844

The Home Assistant iOS companion app prior to 2025.5.0 ignores the SSID allowlist for internal networks. It uses SSID to decide when to use the internal URL, but if no other URL is available it falls back to the internal URL, which can expose the user’s token on unsecure networks. Affected compon...

7.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53283

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2025.5.0 Description The iOS companion app fails to respect the SSID allowlist for internal networks. While the app typically uses the Service Set Identifier SSID—the public name of a wireless network—to...

7.5CVSS5.8AI score0.00161EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.15 views

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...

7.7CVSS5.5AI score0.00217EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 9:16 p.m.57 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:26 p.m.5 views

GHSA-7RX4-C5VX-G8W3 Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

7.1CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.9 views

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

6AI score
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/08 10:12 p.m.22 views

CVE-2026-44284

FastGPT (before 4.14.17) had an SSRF flaw in MCP tool URL handling. An authenticated user with permission to create/manage MCP toolsets could store an internal endpoint (e.g., http://localhost:3000/mcp) via the MCP tool create/update endpoints. The stored URL could be used later by the backend wo...

6.3CVSS5.8AI score0.00235EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 2:9 a.m.12 views

Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information

Summary The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...

8.7CVSS5.9AI score0.00324EPSS
Exploits1References5Affected Software1
Exploit DB
Exploit DB
added 2026/05/07 12:0 a.m.87 views

ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)

Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link: https://github.com/thingsboard/thingsboard Version: . When ThingsBoard processes the uploaded SVG server-side, it...

9.1CVSS5.8AI score0.01658EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-39184

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.5 Description An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node that points to an arbitrary internal URL and sending API requests with the X-Node-ID header. The Proxy...

9.9CVSS5.9AI score0.00318EPSS
Exploits1References11
Snyk
Snyk
added 2026/04/21 3:4 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

8.7CVSS6AI score0.4525EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

whisperX REST API 代码问题漏洞

WhisperX REST API is an audio transcription and analysis enhancement tool developed by Pavel Zbornik. Versions of the WhisperX REST API from 0.3.1 to 0.5.0 have code vulnerabilities. These vulnerabilities stem from the FileService.downloadfromurl function, which performs a file extension check...

5.8CVSS5.9AI score0.00252EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 12:0 a.m.6 views

CVE-2026-30637

CVE-2026-30637 is an SSRF vulnerability in OTCMS prior to V7.66, affecting the AnnounContent in /admin/read.php. The issue allows unauthenticated attackers to craft HTTP requests to internal or arbitrary remote URLs. The CVSS v3.1 base score is 7.5 (HIGH) with network access, low attack complexit...

7.5CVSS6AI score0.00499EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/02 5:16 p.m.8 views

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

7.1CVSS0.00238EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.14 views

PT-2026-21867

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.1 Description changedetection.io is a web page change detection tool susceptible to Server-Side Request Forgery SSRF. The is safe valid url function does not properly validate the resolved IP address o...

8.6CVSS5.9AI score0.00445EPSS
Exploits1References15
Github Security Blog
Github Security Blog
added 2026/02/23 9:54 p.m.11 views

Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.6AI score0.01414EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.13 views

PT-2026-23529

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Feishu extension in OpenClaw is susceptible to server-side request forgery SSRF. This allows attackers to retrieve content from attacker-controlled remote URLs without proper SSRF protection...

8.6CVSS5.8AI score0.00275EPSS
Exploits0References9
Rows per page
Query Builder