7 matches found

NVD
added 6 days ago, 5 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5 CVSS, 0.02589 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/20 6:38 p.m., 7 views

Malicious code in @aledan007/tester (npm)

Source: amazon-inspector (ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439). The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...

5.9 AI score
Exploits: 0, References: 1
Positive Technologies
added 2026/05/19 12:0 a.m., 6 views

PT-2026-42040

Summary: The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details: The...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 3
Snyk
added 2026/03/29 3:48 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validatio...

8.8 CVSS, 5.9 AI score, 0.00046 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/12 12:0 a.m., 0 views

PT-2026-25082

Name of the Vulnerable Software and Affected Versions: Centrifugo versions prior to 6.7.0. Description: Centrifugo is susceptible to a Server-Side Request Forgery (SSRF) condition when configured with a dynamic JWKS endpoint URL that utilizes template variables, such as tenant. An unauthenticated...

9.3 CVSS, 6 AI score, 0.00109 EPSS
Exploits: 1, References: 14
CVE
added 2026/03/11 7:53 p.m., 7 views

CVE-2026-32096

Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...

9.3 CVSS, 5.9 AI score, 0.00105 EPSS
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-6819

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server...

6.5 CVSS, 6.2 AI score, 0.13419 EPSS
Exploits: 1, References: 2