1754 matches found
PT-2026-46932
A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...
PT-2026-46863
Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...
CVE-2026-49120 Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...
Medplum 代码问题漏洞
Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...
CVE-2026-44285
FastGPT is affected by an SSRF flaw in the dataset preview API. Before 4.15.0-beta1, an authenticated attacker could bypass isInternalAddress protection and reach internal services by abusing /api/core/dataset/file/getPreviewChunks with the externalFile data import type. The issue is resolved in ...
CVE-2026-44285
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
EUVD-2026-33430
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-10107
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
EUVD-2026-33260
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
MCP Security 代码问题漏洞
MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...
Red Hat Quay 代码问题漏洞
Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...
PT-2026-44979
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...
CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
CVE-2026-45548
Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...
CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...
EUVD-2026-32604
Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...
CVE-2026-45548
Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...