Lucene search
K

5 matches found

CVE
CVE
added yesterday7 views

CVE-2026-57573

CVE-2026-57573 affects Crawl4AI: unauthenticated SSRF via the Docker stream endpoint. Before 0.9.0, SSRF checks were only on the non‑streaming /crawl path; handle_stream_crawl_request forwarded seed URLs with no destination validation. This allowed a remote, unauthenticated client to POST to /cra...

8.6CVSS6AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/12 12:0 a.m.5 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

8.1CVSS5.9AI score0.00764EPSS
Exploits1References8
CVE
CVE
added 2026/05/28 12:16 p.m.24 views

CVE-2026-9818

CVE-2026-9818 is rejected/not used; this entry does not represent an active vulnerability.

5.8AI score
Exploits0
OSV
OSV
added 2026/04/30 5:28 p.m.10 views

GHSA-CWCX-382V-8M9G Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Impact An authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo URL pointing at a private address e.g. http://127.0.0.1:999...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/17 6:53 p.m.2 views

Server-side Request Forgery (SSRF)

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder