Lucene search
K

1659 matches found

Cvelist
Cvelist
added 2026/06/24 5:33 a.m.37 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.13 views

CVE-2026-9619

CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...

4.3CVSS5.7AI score0.00307EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52069

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...

4CVSS5.8AI score0.0014EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-46548

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather th...

4.3CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 5:43 p.m.51 views

CVE-2026-54157

CVE-2026-54157 describes an unauthenticated SSRF in LobeHub’s web API proxy. Prior to version 2.1.57, POST /webapi/proxy accepts a URL in the body and fetches it server-side without authentication, enabling arbitrary outbound requests, leakage of internal deployment details, and reflection of Set...

9CVSS6.1AI score0.0178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:48 p.m.46 views

CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.1CVSS0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.9 views

CVE-2026-47139

A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as httpclient and httpserver. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public...

8.6CVSS5.8AI score0.00282EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/22 11:39 p.m.10 views

@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation

Summary Authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connection later performs a separate DNS lookup through...

8.5CVSS5.9AI score0.00202EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:0 p.m.21 views

CVE-2026-55599 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it...

5.8CVSS0.00133EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 8:0 p.m.2 views

CVE-2026-55599 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it...

5.8CVSS6AI score0.00133EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.29 views

CVE-2026-56227 Capgo - Server-Side Request Forgery via Webhook URL Validation

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. Organization admins can configure webhooks pointing to localhost or 127.0.0.1, and when triggered, the backend performs outbound requests to these...

5.4CVSS0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.39 views

CVE-2026-56227

Capgo before 12.128.2 is affected by a server-side request forgery (SSRF) in webhook URL validation. The flaw permits configuring webhooks to loopback or internal addresses (e.g., localhost/127.0.0.1). When triggered, the backend makes outbound requests to those addresses, and error responses are...

5.4CVSS5.8AI score0.00156EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 10:10 p.m.6 views

Server-side Request Forgery (SSRF)

Overview zeep is an A Python SOAP client Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the process of parsing WSDL or XSD documents, where transitive references such as xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution are followed. An...

8.2CVSS6.1AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.15 views

CVE-2026-49345

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 7:23 p.m.18 views

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

5.3CVSS6.1AI score0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.24 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 6:48 a.m.14 views

MAL-2026-6196 Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 6:48 a.m.16 views

Malicious code in build-tracker-n5p1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619 Package name suggests build telemetry tooling, but the tarball ships beacon scripts beacon18.js, beaconlinux.js wired to a postinstall lifecycle hook...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 4:30 a.m.8 views

Malicious code in ts-linter-builders (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a22153f1e71ba9fb51ce22d5fc57180ce4d8998995fbc4bd554d6dd532c195b6 index.js imports childprocess and contains a hardcoded outbound POST to https://tg-wallet-manager.vercel.app, with additional fetch calls to the same...

6.2AI score
Exploits0References2
Rows per page
Query Builder