Lucene search
K

11 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-33655

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS0.00437EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-33655

The CVE-2026-33655 issue affects New API prior to version 0.12.0-alpha.1 where SSRF protection did not apply IP filtering to hostnames by default due to ApplyIPFilterForDomain being disabled. Authenticated users could configure notification URLs (Webhook, Bark, Gotify) that resolve to internal or...

7.7CVSS5.9AI score0.00437EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-33655

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS5.9AI score0.00437EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added last week5 views

New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs

Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure...

7.7CVSS6AI score0.00437EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56211

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.0-alpha.1 Description An issue exists where the default Server-Side Request Forgery SSRF protection configuration fails to apply IP filtering to hostnames. Because the ApplyIPFilterForDomain setting is disabled b...

7.7CVSS6AI score0.00437EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.8 views

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

8.8CVSS7.2AI score0.00497EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/03/24 5:43 p.m.22 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS0.00282EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/03/24 5:43 p.m.5 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7CVSS7.2AI score0.00497EPSS
Exploits3References2
CVE
CVE
added 2026/03/24 5:43 p.m.14 views

CVE-2026-33399

CVE-2026-33399 / CVE-2026-33401 (Wallos): Open-source personal subscription tracker with SSRF flaws that were partially patched in version 4.7.0. The issues arise from incomplete SSRF mitigation: while 4.6.2 added protection to some notification endpoints, it did not cover all save/test paths, en...

7.7CVSS7.2AI score0.00497EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.7 views

WordPress plugin Tablesome 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS5.4AI score0.01067EPSS
Exploits3References4
CVE
CVE
added 2018/07/08 3:0 p.m.54 views

CVE-2018-13439

The CVE-2018-13439 entry affects WXPayUtil in the WeChat Pay Java SDK, where the WXPayUtil class is vulnerable to XML External Entity (XXE) attacks via a merchant notification URL. The connected documents confirm XXE exploitation risk and describe the underlying issue as improper XML processing t...

7.5CVSS7.5AI score0.01903EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder