Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday42 views

Imgproxy < 3.27.2 - Server-Side Request Forgery (SSRF)

imgproxy contains an issue caused by not blocking the 0.0.0.0 address even when IMGPROXYALLOWLOOPBACKSOURCEADDRESSES is set to false, letting local services be exposed, exploit requires network access. id: CVE-2025-24354 info: name: Imgproxy 3.27.2 - Server-Side Request Forgery SSRF author:...

5.3CVSS7AI score0.00844EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-59707

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50148

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.0 Description The Node.js compatibility TCP path fails to re-verify network permissions after hostname resolution. While the network permission model is intended to apply rules to the resolved IP address, affected...

6.5CVSS5.9AI score0.00111EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-47573

Impact Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and...

9.1CVSS5.4AI score
Exploits0References3
Anthropic
Anthropic
added 2026/03/30 11:19 p.m.58 views

ANT-2026-6DSMTXZ8 · mastodon · SSRF

ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/13 8:7 p.m.9 views

CVE-2026-32617 AnythingLLM Permissable CORS policy

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the...

7.1CVSS5.7AI score0.0041EPSS
Exploits1References1
Rows per page
Query Builder