Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2026/04/08 8:16 p.m.2 views

CVE-2026-39862

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.8CVSS0.00347EPSS
Exploits0References2
OSV
OSVadded 2024/07/25 10:15 p.m.10 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...

6.1CVSS6.7AI score
Exploits0References1
SUSE CVE
SUSE CVEadded 2023/02/15 4:48 a.m.1 views

SUSE CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8CVSS6.9AI score0.00377EPSS
Exploits0References3
NVD
NVDadded 2022/06/19 11:15 a.m.12 views

CVE-2022-23071

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery SSRF, in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...

6.5CVSS0.00226EPSS
Exploits1References2
Prion
Prionadded 2022/06/19 11:15 a.m.10 views

Server side request forgery (ssrf)

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery SSRF, in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...

4CVSS6.3AI score0.00226EPSS
Exploits1References2Affected Software1
Veracode
Veracodeadded 2022/01/31 9:39 p.m.15 views

Server-Side Request Forgery (SSRF)

calibreweb is vulnerable to server-side request forgery. The vulnerability exists in deleteuser function of admin.py due to lack of validation which allows an attacker to fetch localhost URL and upload a book cover...

9.8CVSS3.2AI score0.00245EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2019/09/19 5:15 p.m.15 views

CVE-2019-15032

Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server informatio...

5.3CVSS6.5AI score0.00438EPSS
Exploits1References3
OSV
OSVadded 2017/03/21 6:59 a.m.0 views

UBUNTU-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8CVSS6.4AI score0.00377EPSS
Exploits0References3
Rows per page
Query Builder