Lucene search
K

33 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.11 views

CVE-2026-47382

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...

5.3CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:19 p.m.19 views

CVE-2026-47382

CVE-2026-47382 concerns NocoDB, where the connection-test endpoint allowed SSRF by opening a raw TCP socket to a user-supplied database host without DNS resolution and range checks. This could reach private/link-local addresses (including IPv4-mapped IPv6 and localhost) before a fix. The issue is...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.29 views

PT-2026-47080

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'connection-test' endpoint opens a raw TCP socket to a user-supplied database host without resolving or range-checking the destination. This allows private and link-local addresses, including...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/07 4:18 a.m.10 views

CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhos...

5CVSS5.7AI score0.00329EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/01 9:46 a.m.32 views

EUVD-2026-26491

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS5.9AI score0.00497EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 7:25 p.m.5 views

CVE-2026-34719

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:2 p.m.4 views

EUVD-2026-20559

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:2 p.m.21 views

CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31416

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 and prior to 6.5.4 Description Zammad, a web-based open-source helpdesk/customer support system, had insufficient validation in its webhook model for loopback or link-local addresses. Only the URL scheme HTTP/HTT...

8.3CVSS5.8AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/03/26 9:17 p.m.4 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS0.0026EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 8:1 p.m.22 views

CVE-2026-33537

Lychee (open-source photo management) is affected by an SSRF issue in Photo::fromUrl due to incomplete IP validation that does not block loopback and link-local addresses. Before version 7.5.1, an authenticated user could reach internal services via direct IPs, bypassing all four protection confi...

5.3CVSS5.8AI score0.0026EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:1 p.m.6 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.8AI score0.0026EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/26 8:1 p.m.7 views

CVE-2026-33537 Lychee has SSRF bypass via incomplete IP validation in Photo::fromUrl — loopback and link-local IPs not blocked

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Lychee 代码问题漏洞

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.1 had code vulnerabilities; these vulnerabilities stemmed from incomplete IP verification checks, which failed to prevent...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28492

Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.5.1 Description Lychee is a free, open-source photo-management tool. A flaw exists in the IP validation check within the patch for an SSRF issue related to Photo::fromUrl. This incomplete check fails to block loopbac...

5.3CVSS5.9AI score0.0026EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/20 12:39 a.m.4 views

EUVD-2026-13424

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 8:47 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go‎. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 8:47 p.m.8 views

GHSA-J94X-8WCP-X7HM Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

5.1CVSS6AI score0.00328EPSS
Exploits0References4
Hacker One
Hacker One
added 2025/12/01 1:23 a.m.12 views

Basecamp: Link unfurling calls out to arbitrary URLs and the private-network guard misses link-local addresses

A vulnerability was discovered in the application that allowed authenticated users to supply a URL that the server would fetch for OpenGraph data. The "private network" guard only blocked certain IP ranges, but ignored link-local addresses, enabling server-side requests to be made to those hosts...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27077

Malware in sbrugna...

5.4CVSS5.6AI score0.00496EPSS
Exploits0References2
Rows per page
Query Builder