Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added last week5 views

CVE-2026-59707 LocalAI - Server-Side Request Forgery via POST /models/apply

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45560

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

nanobot 代码问题漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from issues with server-side request forgeing in the webFetch tool. This could allow remote attackers to access...

5.3CVSS5.5AI score0.00287EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 3:19 p.m.50 views

CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS0.00352EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:24 p.m.7 views

CVE-2026-41195

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and...

5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/10 7:49 p.m.9 views

Ech0 has SSRF via DNS Resolution Bypass in Webhook URL Validation

Summary The validateWebhookURL function in webhooksettingservice.go attempts to block webhooks targeting private/internal IP addresses, but only checks literal IP strings via net.ParseIP. Hostnames that DNS-resolve to private IPs e.g., 169.254.169.254.nip.io, 10.0.0.1.nip.io bypass all checks,...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder