Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 6:7 p.m.7 views

CVE-2026-56771

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the addurl endpoint that allows authenticated users to make arbitrary server requests to internal networks by failing to filter private IP addresses. Attackers can exploit this to access localhost services and...

8.5CVSS6AI score0.00204EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.17 views

CVE-2026-56342 AVideo - Server-Side Request Forgery in Live/test.php via statsURL Parameter

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL validation and accepts requests to private IP ranges and cloud metadata...

6.8CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 7:23 p.m.3 views

CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28430

Name of the Vulnerable Software and Affected Versions LibreChat versions 0.8.2-rc2 through 0.8.2 Description LibreChat, a ChatGPT clone with additional features, has a server-side request forgery SSRF issue in versions 0.8.2-rc2 through 0.8.2 when utilizing agent actions or MCP. A prior SSRF fix...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References6
CVE
CVE
added 2026/02/11 9:11 p.m.27 views

CVE-2026-26019

CVE-2026-26019 affects the LangChain JS library (@langchain/community) before version 1.1.14, specifically the RecursiveUrlLoader. The cause is insufficient URL origin validation: it relied on String.startsWith() to compare URLs, failing to validate semantic origin and permitting crawling of atta...

4.1CVSS5.4AI score0.00371EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 9:11 p.m.4 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option enabled by default is intended to restrict crawling to the same site...

4.1CVSS5.4AI score0.00371EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-6740

Malware in sbrugna...

7.5CVSS7.6AI score0.01472EPSS
Exploits1References2
Rows per page
Query Builder