24 matches found
CVE-2024-34694
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
EUVD-2025-10023
Malicious code in bioql PyPI...
CVE-2025-32013
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
Server-side Request Forgery (SSRF)
Overview: lnbits is LNbits, a free and open-source Lightning wallet and accounts system. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the LNURL authentication callback process. An attacker can make the application send HTTP requests to arbitrary...
GHSA-QP8J-P87F-C8CC LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback
Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System. Disclaimer: This vulnerability was detected using XBOW, a system that autonomously finds and exploits potential security vulnerabilities. The finding has been thoroughly reviewed and validated ...
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback
Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System. Disclaimer: This vulnerability was detected using XBOW, a system that autonomously finds and exploits potential security vulnerabilities. The finding has been thoroughly reviewed and validated ...
CVE-2025-32013
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
PYSEC-2025-16
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
PYSEC-2025-16
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013 Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment System
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...
CVE-2025-32013
CVE-2025-32013 affects LNbits LNURL authentication handling. The SSRF occurs when the server processes a callback URL: it issues an HTTP request to the provided URL with redirects enabled via httpx and does not adequately validate the callback, enabling an attacker to target internal network addr...
PT-2025-15123 · Lnbits +1
Name of the Vulnerable Software and Affected Versions: LNbits (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) issue has been found in LNbits' LNURL authentication handling functionality. This occurs because the application does not properly validate the callback UR...
LNbits Code Issue Vulnerability
LNbits is a Python server open-sourced by LNbits. A code issue vulnerability exists in LNbits that stems from a server-side request forgery in the LNURL authentication handling function that could lead to access to internal resources...
GHSA-3J4H-H3FP-VWWW LNbits improperly handles potential network and payment failures when using Eclair backend
Summary: Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details: Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s...
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary: Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details: Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s...
Improper Check For Unusual Or Exceptional Conditions
lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30 seconds...
CVE-2024-34694
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
CVE-2024-34694 LNbits improperly handles potential network and payment failures when using Eclair backend
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...