Lucene search
+L

147 matches found

nvd
nvd
added yesterday6 views

CVE-2026-61835

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but...

7.7CVSS
Exploits0References4
cvelist
cvelist
added 2 days ago32 views

CVE-2026-61520 Simple Machines Forum SSRF via image proxy

Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...

7.7CVSS0.00251EPSS
Exploits0References3
osv
osv
added last week3 views

CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6.1AI score0.00293EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
github
github
added 2026/06/12 8:7 p.m.13 views

TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities

Problem Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...

5.3CVSS5.2AI score0.00294EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2026/06/11 8:16 p.m.18 views

CVE-2026-53782

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS0.00265EPSS
Exploits0References4
euvd
euvd
added 2026/06/11 7:17 p.m.12 views

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.5AI score0.00144EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: use rcu-safe version of ipv6getlladdr Some time ago, 8965779d2c0e "ipv6,mcast: always hold idev-lock before mcalock" switched ipv6getlladdr to ipv6getlladdr, which is a rcu-unsafe version. This was acceptable, as...

5.5CVSS6AI score0.00172EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In mptcp, only the ‘subflow’ endpoint is marked as available. The following warning has been added: WARNONONCEmsk-pm.localaddrused == 0 Adding this warning before decrementing the localaddrused counter helped to identify a bug wh...

5.5CVSS6.4AI score0.0022EPSS
Exploits0References2
github
github
added 2026/05/15 5:47 p.m.16 views

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/05/14 9:16 p.m.21 views

CVE-2026-44430

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS0.00285EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/14 9:2 p.m.43 views

CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS0.00285EPSS
Exploits1References1
euvd
euvd
added 2026/05/12 5:39 a.m.11 views

EUVD-2026-29387

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/12 5:39 a.m.14 views

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/12 5:39 a.m.43 views

CVE-2026-1681 net: Stack Overflow with Ping (to own IP Address) via Shell

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS0.00144EPSS
Exploits1References1
cve
cve
added 2026/05/12 5:39 a.m.37 views

CVE-2026-1681

CVE-2026-1681 concerns Zephyr RTOS network stack behavior when issuing an ICMP ping via the net ping command to the device’s own IPv4 address. The description states that the destination is treated as local, causing the echo request and echo reply to be processed inline within the same frame, whi...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.10 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.20 views

PT-2026-38308

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7 Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery SSRF—a...

5.8CVSS6AI score0.00102EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/05/05 10:53 a.m.13 views

CVE-2026-42043

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses within the 127.0.0.0/8 range, excluding 127.0.0.1, the attacker can completely bypass the...

10CVSS5.7AI score0.00661EPSS
Exploits1References4
Rows per page
Query Builder