Lucene search
K

216 matches found

NVD
NVD
added 2026/07/03 11:16 a.m.8 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5CVSS0.00297EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55524

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...

8.5CVSS6.1AI score0.00297EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 7:48 p.m.5 views

GHSA-VGRC-HQ28-P3XP Hysteria has an authenticated UDP ACL bypass that enables localhost and private-network UDP SSRF

Summary Hysteria's UDP relay treats the destination address as packet-scoped, but ACL and outbound policy are applied only once when a new UDP session is created. After an authenticated client opens a UDP session using an allowed first destination, later packets in the same Session ID can be sent...

7.4CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2026/06/26 6:57 p.m.20 views

CVE-2026-52783

OpenProject stores OneDrive/SharePoint userless OAuth access_token in plaintext in Rails.cache within the Storages module prior to versions 17.3.3 and 17.4.1. None of the allowed backends (file_store, memcache, redis) encrypts data at rest. An attacker with read access to the cache can retrieve t...

8.2CVSS5.6AI score0.00129EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 4:9 p.m.3 views

Security Bulletin: SSRF via HTTP Redirect Following in Langflow API Request Component

Summary Langflow OSS contains SSRF vulnerability in API Request component allowing authenticated flow authors to read localhost/private HTTP services via redirect following. APIRequestComponent.makeapirequest validates only initial URL with validateandresolveurl and pins DNS for initial hostname,...

8.5CVSS5.9AI score0.00185EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.19 views

CVE-2026-56342 AVideo - Server-Side Request Forgery in Live/test.php via statsURL Parameter

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.29 views

CVE-2026-56227 Capgo - Server-Side Request Forgery via Webhook URL Validation

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...

5.4CVSS0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.16 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS5.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the webfetch and websearch tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an...

8.3CVSS5.5AI score0.0018EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/04 5:20 p.m.33 views

CVE-2026-25551 Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS0.0013EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 5:45 p.m.10 views

CVE-2026-45021 Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS5.8AI score0.00204EPSS
Exploits0References8
NVD
NVD
added 2026/05/25 3:16 p.m.27 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00201EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.12 views

CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/25 2:0 p.m.37 views

CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00201EPSS
Exploits1References4
CVE
CVE
added 2026/05/25 2:0 p.m.136 views

CVE-2026-47076

CVE-2026-47076 affects the hackney HTTP client (from 0.13.0 up to, but not including, 4.0.1). The issue1 arises because hackney_url:normalize/2 decodes the host after parsing, while OTP’s uri_string:parse/1 and inet:parse_address/1 do not decode percent-escapes, allowing a crafted URL such as htt...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/25 2:0 p.m.11 views

EEF-CVE-2026-47076 SSRF allowlist bypass via percent-encoded host in hackney

Summary Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney\url:normalize/2 URL-decodes the host component after the URL has been parsed into a hackney\url record. OTP's uri\string:parse/1 and inet:parse\address/1 do not decode percent-escapes in t...

6.9CVSS6.1AI score0.00201EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in etcd

A DNS rebinding vulnerability has been discovered in etcd 3.3.1 and earlier versions. An attacker can manipulate their DNS records to direct requests to localhost, thereby tricking the browser into sending requests to localhost or any other address...

5.5CVSS6.3AI score0.00512EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:49 p.m.10 views

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5CVSS5.9AI score0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 8:49 p.m.37 views

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5CVSS0.00318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/08 10:21 p.m.10 views

CVE-2026-42339 New API: SSRF Filter Bypass via 0.0.0.0

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1
Rows per page
Query Builder