Lucene search
K

28 matches found

OSV
OSV
added 2026/07/06 5:30 p.m.8 views

GHSA-794R-5RP2-FPG8 flyto-core has SSRF guard bypass via IPv6 transition addresses (IPv4-mapped / 6to4 / NAT64) in validate_url_ssrf

Summary flyto-core's SSRF protection validateurlssrf / isprivateip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATEIPRANGES list. That list contains only the native RFC 1918 / loopback / link-loc...

7.1CVSS6.1AI score
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Summarize 代码问题漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgeing attacks. Attackers could exploit these vulnerabilities by providing maliciou...

7.4CVSS5.4AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.19 views

CVE-2026-43929

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

8.2CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 5:49 p.m.7 views

CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:49 p.m.14 views

CVE-2026-43929

The provided sources describe a concrete SSRF vulnerability in ssrfcheck (CVE-2026-43929) where IPv4 private addresses encoded as IPv4-mapped IPv6 inside URLs bypass the library’s private-IP denial logic. In ssrfcheck v1.3.0 and earlier, the WHATWG URL parser normalizes IPv4-mapped inputs to hex ...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38308

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7 Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery SSRF—a...

5.8CVSS6AI score0.00102EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/16 12:54 a.m.8 views

ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

5.9AI score0.00385EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/31 11:26 p.m.57 views

GHSA-PQHR-MP3F-HRPP Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters

Product: Nuxt OG Image Version: injection via html parameter GET /og/d/og.png?html= When verbose errors are enabled, the response content is leaked in base64-encoded error messages. Vector 3: SVG injection via html parameter GET /og/d/og.png?html= Mitigation Fixed in v6.2.5. The image source plug...

5.3CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/03/31 9:28 p.m.12 views

EUVD-2026-17674

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

6.9CVSS5.8AI score0.00277EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:28 p.m.10 views

CVE-2026-34443

FreeScout (Laravel) contains a flaw in checkIpByMask() in app/Misc/Helper.php prior to version 1.8.211: it only checks for a slash and returns false for plain IPs, bypassing CIDR evaluation. This leaves the 10.0.0.0/8 and 172.16.0.0/12 private ranges unprotected, enabling potential SSRF-like expo...

6.9CVSS5.8AI score0.00277EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.211 contained code vulnerabilities. These vulnerabilities were caused by logical errors in the checkIpByMask function, which...

6.9CVSS5.9AI score0.00277EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 7:21 p.m.4 views

EUVD-2026-16764

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 2:31 p.m.17 views

CVE-2026-33766

WWBN AVideo (open-source video platform) versions up to 26.0 are affected by an SSRF protection bypass in image-download endpoints. The root cause is that isSSRFSafeURL() validates the URL against private/reserved IP ranges at check-time, but url_get_contents() follows HTTP redirects without re-v...

6.5CVSS5.9AI score0.00233EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/19 10:6 p.m.11 views

EUVD-2026-13286

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

6CVSS5.8AI score0.00206EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/12 6:37 p.m.39 views

CVE-2026-32236 @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...

6.3CVSS0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 9:43 p.m.30 views

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

7.1CVSS0.023EPSS
Exploits1References1
OSV
OSV
added 2026/02/11 9:11 p.m.7 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

4.1CVSS5.5AI score0.00371EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : python3.12-3.12.5-2.el8_10 (AXSA:2024-8842:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8842:07 advisory. python: incorrect IPv4 and IPv6 private ranges CVE-2024-4032 cpython: python: email module doesn't properly quotes newlines in email headers, allowi...

8.7CVSS7.3AI score0.01275EPSS
Exploits0References4
OSV
OSV
added 2026/01/08 3:23 p.m.9 views

CVE-2026-22245 Mastodon has SSRF Protection bypass

Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses unless specified in ALLOWEDPRIVATEADDRESSES to...

7.1CVSS6.2AI score0.00247EPSS
Exploits0References6
Rows per page
Query Builder