CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

215 matches found

Github Security Blog•added 2026/03/20 8:57 p.m.•3 views

AVideo has Unauthenticated SSRF via plugin/Live/test.php

Summary An unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe localhost/internal services and, when reachable, access internal HTTP resources or cloud...

9.3CVSS6.5AI score0.00029EPSS

Exploits1References4Affected Software1

CVE•added 2026/03/06 4:13 a.m.•8 views

CVE-2026-28508

CVE-2026-28508 affects Idno: prior to 1.6.4, a logic error in the API authentication flow and missing login requirement on the URL unfurl endpoint results in CSRF protection bypass for unauthenticated requests. An attacker can set X-IDNO-USERNAME and X-IDNO-SIGNATURE headers to trigger is_api_req...

9.2CVSS6AI score0.0015EPSS

Exploits1References2Affected Software1

OSV•added 2026/02/09 9:15 p.m.•3 views

DEBIAN-CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.0002EPSS

Exploits0References1

Tenable Nessus•added 2026/01/13 12:0 a.m.•3 views

Atlassian Confluence 7.19.0 < 8.5.20 / 8.6.x < 9.2.6 / 9.3.x < 9.3.1 / 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101489)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101489 advisory. - The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...

8.1CVSS6.8AI score0.8434EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:48 a.m.•5 views

CVE-2022-31827

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery SSRF via the function performFetchRequest at HTTPFetcher.php...

9.1CVSS7.4AI score0.00451EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:48 a.m.•5 views

CVE-2022-31830

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery SSRF via the init function at ImageCapture.class.php...

9.1CVSS7.3AI score0.00307EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:17 a.m.•7 views

CVE-2025-23411

mySCADA myPRO Manager is vulnerable to cross-site request forgery CSRF, which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website...

6.5CVSS6.5AI score0.00318EPSS

Exploits0References1