Lucene search
K

16 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/09 7:33 p.m.6 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 7:33 p.m.4 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00419EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7008

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00703EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:27 p.m.7 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS6.9AI score0.00703EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.2 views

GHSA-G44M-HPF4-VMRP FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS7.1AI score0.00703EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.9 views

FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-12068

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS0.00646EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00703EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.57 views

CVE-2024-12376

The CVE-2024-12376 entry describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat web server, specifically affecting the git 2c68a13 revision. The vulnerability allows an attacker to access internal server resources and data not normally reachable, including AWS metadata credentials....

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:17 a.m.4 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS5.9AI score0.00472EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 2:15 p.m.17 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
OSV
OSV
added 2024/11/04 2:15 p.m.9 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

6.5CVSS6.8AI score0.00472EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.19 views

CVE-2024-51408

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials...

8.5CVSS0.00472EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.4 views

Appsmith 安全漏洞

Appsmith is an open source platform for building, deploying, and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith prior to version 1.46 that stems from the retrieval of AWS metadata credentials via cross-site request forgery...

8.5CVSS6.6AI score0.00472EPSS
Exploits1References3
Rows per page
Query Builder