Lucene search
K

215 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 8:23 p.m.6 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/03/25 8:23 p.m.5 views

GHSA-Q537-8FR5-CW35 Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.7 views

SUSE CVE-2026-27730

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

8.6CVSS7.2AI score0.00339EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.7 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw, and reac...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References6Affected Software1
Snyk
Snyk
added 2026/03/24 8:32 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...

9.8CVSS6.2AI score0.00422EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:56 p.m.14 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/23 5:16 p.m.7 views

CVE-2026-33502

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

9.3CVSS0.00442EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 2:8 p.m.6 views

CVE-2026-33480

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching the...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/19 10:16 p.m.4 views

CVE-2026-32041

OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes or loopback-reachable SSRF paths can exploit this to access browser-control routes including...

7.8CVSS0.0011EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/11 3:33 p.m.6 views

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

4.4CVSS5.8AI score0.00107EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/11 12:24 a.m.14 views

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

8.8CVSS5.8AI score0.023EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24836

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description SiYuan is a personal knowledge management system. The /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a...

9.9CVSS7.2AI score0.22162EPSS
Exploits70References137
OSV
OSV
added 2026/02/25 10:59 p.m.3 views

GHSA-MPHV-75CG-56WG LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary A redirect-based Server-Side Request Forgery SSRF bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

4.1CVSS5.7AI score0.00206EPSS
Exploits0References9
Veracode
Veracode
added 2026/02/21 5:7 a.m.9 views

Server-Side Request Forgery

Indico is vulnerable to Server-Side Request Forgery. The vulnerability is due to Indico making outgoing requests to user-provided URLs in various places, where users can access special targets such as localhost or cloud metadata endpoints, and attackers can exploit this to access sensitive data...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/11 3:13 p.m.10 views

@langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

Description The RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site as the base URL. The implementation used String.startsWith to compar...

4.1CVSS5.5AI score0.00371EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/11 3:13 p.m.6 views

GHSA-GF3V-FWQG-4VH7 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

Description The RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site as the base URL. The implementation used String.startsWith to compar...

4.1CVSS5.5AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 p.m.8 views

CVE-2026-25904

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...

5.8CVSS5.6AI score0.00165EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/09 2:57 p.m.6 views

Server-side Request Forgery (SSRF)

Overview mcp-run-python is a Model Context Protocol server to run Python code in a sandbox. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to an overly permissive configuration of the Deno sandbox, which allows access to the localhost interface. An attack...

5.8CVSS5.7AI score0.00165EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/09 9:30 a.m.7 views

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

5.8CVSS6AI score0.00165EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 9:30 a.m.3 views

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

5.8CVSS6.2AI score0.00165EPSS
Exploits0References3
Rows per page
Query Builder