Lucene search
K

1754 matches found

Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46863

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 6:5 p.m.30 views

CVE-2026-49120 Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS0.00229EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Medplum 代码问题漏洞

Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...

8.5CVSS5.7AI score0.00229EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 7:32 p.m.28 views

CVE-2026-44285

FastGPT is affected by an SSRF flaw in the dataset preview API. Before 4.15.0-beta1, an authenticated attacker could bypass isInternalAddress protection and reach internal services by abusing /api/core/dataset/file/getPreviewChunks with the externalFile data import type. The issue is resolved in ...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:32 p.m.11 views

CVE-2026-44285

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 7:32 p.m.20 views

EUVD-2026-33430

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 6:16 p.m.18 views

CVE-2026-10107

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...

7.7CVSS0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 9:16 a.m.13 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 7:59 a.m.13 views

EUVD-2026-33260

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:59 a.m.9 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/29 7:59 a.m.9 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

MCP Security 代码问题漏洞

MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Red Hat Quay 代码问题漏洞

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44979

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 7:10 p.m.13 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
NVD
NVD
added 2026/05/27 6:16 p.m.17 views

CVE-2026-45548

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:12 p.m.15 views

CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:11 p.m.10 views

EUVD-2026-32604

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:11 p.m.12 views

CVE-2026-45548

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder