Lucene search
+L

163 matches found

attackerkb
attackerkb
added 2026/06/25 6:7 p.m.7 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS6AI score0.00204EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/20 6:27 p.m.19 views

CVE-2026-56342 AVideo - Server-Side Request Forgery in Live/test.php via statsURL Parameter

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS0.00236EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/19 1:9 p.m.7 views

CVE-2026-44046

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/19 1:9 p.m.3 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS5.9AI score0.00314EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50590

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The SafePlaywrightURLLoader uses a validate url function to prevent Server-Side Request Forgery SSRF by checking the IP address of a user-provided URL. However, this validation only occurs for the...

7.7CVSS5.9AI score0.00287EPSS
Exploits1References10
gitlab
gitlab
added 2026/06/16 12:0 a.m.9 views

Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a...

8.6CVSS5.3AI score0.00289EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/06/10 2:3 p.m.28 views

CVE-2026-45561

CVE-2026-45561 affects Roxy-WI web interface (versions 8.2.6.4 and earlier) and allows SSRF via the /smon/agent/{version,uptime,status,checks}/ endpoints. The path component is passed verbatim into requests.get("http://{server_ip}:{agent_port}/...") and is only constrained by Flask’s default URL ...

6.5CVSS5.5AI score0.00218EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.17 views

Roxy-WI 代码问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...

6.5CVSS5.4AI score0.00218EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40435

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.5AI score0.00228EPSS
Exploits0References1
cve
cve
added 2026/05/28 5:11 p.m.19 views

CVE-2026-46561

CVE-2026-46561 concerns pyLoad/pyload-ng SSRF via the parse_urls API. The vulnerability arises because HTTPRequest uses allow_private_ip = True by default, allowing redirects to private IPs to be followed after initial URL validation passes is_global_host. The parse_urls flow validates the initia...

5CVSS5.8AI score0.00176EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/18 2:52 p.m.21 views

CVE-2026-45190

A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerability allows a remote attacker to bypass IP Access Control Lists ACLs due to improper validation of IP address and CIDR Classless Inter-Domain Routing mask inputs. Specifically, inputs containing...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/14 3:33 p.m.6 views

CVE-2026-42595

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS5.8AI score0.00313EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/05/13 12:0 a.m.10 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP, where the IP access restrictions of htt...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References1
osv
osv
added 2026/05/11 1:51 p.m.12 views

GHSA-CHWH-F6GM-R836 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the downloadFrom endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the webhook endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint...

8.6CVSS6AI score0.00313EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/05/10 8:15 p.m.14 views

CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

5.8AI score0.00311EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/10 12:0 a.m.21 views

PT-2026-41196

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description The validate url function in backend/open webui/retrieval/web/utils.py only validates the initial URL provided by the user. Downstream HTTP clients, including sync requests, async aiohttp, and...

8.5CVSS5.8AI score0.003EPSS
Exploits1References15
nvd
nvd
added 2026/05/05 8:16 p.m.10 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS0.0024EPSS
Exploits0References1
snyk
snyk
added 2026/05/05 7:52 p.m.10 views

Server-side Request Forgery (SSRF)

Overview requests-hardened is an A library that overrides the default behaviors of the requests library, and adds new security features. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL filtering process. An attacker can access internal services and...

8.3CVSS5.8AI score0.00305EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.26 views

PT-2026-41172

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF bypass exists in the validate url function located in backend/open webui/retrieval/web/utils.py. The function calls validators.ipv6ip, private=True, but because...

8.5CVSS5.8AI score0.00286EPSS
Exploits1References15
cvelist
cvelist
added 2026/04/10 9:49 p.m.21 views

CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

0.00307EPSS
Exploits0References3
Rows per page
Query Builder