Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/06/26 4:4 p.m.34 views

CVE-2026-56663 AutoGPT: SSRF-to-RCE Chain in `SendWebRequestBlock` via IP validation bypass and internal `pg-meta` access

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. isipblocked in...

8.5CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 7:56 p.m.7 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.3AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-46561

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

5CVSS5.5AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:11 p.m.8 views

CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

5CVSS5.8AI score0.00176EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:32 a.m.26 views

Server-Side Request Forgery

github.com/quantumnous/new-api, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to incomplete SSRF protection that fails to block the unspecified address 0.0.0.0, allowing authenticated users to bypass private-IP filtering and force the server to make requests to...

7.1CVSS5.8AI score0.00258EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:19 p.m.13 views

CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.10 views

CVE-2026-39362

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...

7.1CVSS5.8AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 8:16 p.m.4 views

CVE-2026-39362

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...

7.1CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:32 p.m.31 views

CVE-2026-39362

CVE-2026-39362 affects InvenTree (Open Source Inventory Management System). Before versions 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled, authenticated users can supply remote_image URLs that are fetched server-side via requests.get() with only Django’s URLValidator check. There i...

7.1CVSS5.9AI score0.00233EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/27 7:23 p.m.2 views

EUVD-2026-16765

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

Twenty CRM 代码问题漏洞

Twenty CRM is an open-source customer relationship management system developed by Twenty. Versions of Twenty CRM prior to version 1.18 contained code vulnerabilities. These vulnerabilities stemmed from an SSRF protection mechanism that did not validate redirect targets, allowing authenticated use...

5CVSS5.9AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.7 views

PT-2026-21371

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS5.6AI score0.00307EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.9 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS6.9AI score0.00459EPSS
Exploits1References1
OSV
OSV
added 2025/12/10 9:16 p.m.5 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS5.8AI score0.00459EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/12/10 12:30 a.m.10 views

Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS7AI score0.00388EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/12/10 12:0 a.m.21 views

CVE-2025-65512

Markdownify MCP Server vulnerability CVE-2025-65512 affects markdownify-mcp v0.0.2 and earlier. The flaw is a Server-Side Request Forgery (SSRF) in the webpage-to-markdown conversion feature that can bypass private IP restrictions via hostname-based bypass and HTTP redirect chains, enabling acces...

7.5CVSS6.6AI score0.00459EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.1 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

6.5AI score0.00388EPSS
Exploits1References2
Rows per page
Query Builder