Lucene search
K

85 matches found

NVD
NVD
added 4 days ago9 views

CVE-2026-12517

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-12517

CVE-2026-12517 : The Fediverse Embeds WordPress plugin is vulnerable to a Server-Side Request Forgery (SSRF) because the destination of a server-side request from the unauthenticated site-info endpoint is not validated. This allows anonymous users to trigger requests to internal/private network U...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-59707

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS0.0036EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42097

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References4
CVE
CVE
added 6 days ago15 views

CVE-2026-59707

CVE-2026-59707 : LocalAI exposes an unauthenticated SSRF via POST /models/apply. The endpoint forwards unsanitized gallery URL fields to gallery.GetGalleryConfigFromURLWithContext, allowing requests to internal/private/loopback URLs and leaking partial responses in error messages. No exploitation...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-59707

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References5
NVD
NVD
added 6 days ago10 views

CVE-2026-42147

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS0.00255EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41992

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56004

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks on the streaming path. A remote unauthenticated client can exploit this by calling the 'POST /crawl/stream'...

8.6CVSS6AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 7:41 p.m.9 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:18 p.m.5 views

CVE-2026-57947

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...

8.5CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 10:45 a.m.6 views

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/20 6:27 p.m.9 views

EUVD-2026-38131

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS6AI score0.00236EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/13 5:2 a.m.250 views

Exploit for Server-Side Request Forgery in Internlm Lmdeploy

CVE-2026-33626 — LMDeploy Vision-Language SSRF Lab Overvie...

7.5CVSS5.8AI score0.4525EPSS
Exploits2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Nginx UI 代码问题漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.4 and earlier have code vulnerabilities. This vulnerability allows authenticated users to create cluster nodes that point to arbitrary internal URLs and send API requests with the X-Node-ID header, resulting in SSR...

9.9CVSS6AI score0.00318EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 8:36 p.m.33 views

CVE-2026-43879 WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. Wh...

5.4CVSS0.00165EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 8:36 p.m.9 views

CVE-2026-43879

CVE-2026-43879 (WWBN/AVideo) describes a blind SSRF in the donation webhook flow. In versions up to 29.0, an authenticated user can configure donation_notification_url to point at internal or RFC1918 hosts (e.g., 127.0.0.1, 169.254.169.254). When another user donates, the server issues a curl POS...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 9:28 p.m.4 views

GHSA-8MC6-XJPR-H98X Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo

Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...

7.7CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References1
Rows per page
Query Builder