Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/11 7:17 p.m.9 views

EUVD-2026-36308

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

7.4CVSS5.5AI score0.00265EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:25 p.m.6 views

CVE-2026-40500

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.9AI score0.00385EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.6 views

CVE-2026-34443

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR...

6.9CVSS5.8AI score0.00277EPSS
Exploits1References1
Rows per page
Query Builder