Lucene search
K

56159 matches found

CVE
CVE
added 5 days ago8 views

CVE-2026-54607

FastGPT exposed an SSRF issue in the HTTP-tool OpenAPI schema importer prior to 4.15.0-beta4. The importer validates only the top-level URL before handing refs to SwaggerParser.bundle, whose resolver can fetch and inline $ref URLs bypassing FastGPT’s internal-address guard, enabling an authentica...

7.7CVSS6AI score0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-59707 LocalAI - Server-Side Request Forgery via POST /models/apply

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS0.0036EPSS
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-58468

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS0.002EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-58468

NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
Snyk
Snyk
added 5 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
NCSC
NCSC
added 5 days ago6 views

Vulnerabilities found in UniFi products from Ubiquiti Networks

Ubiquiti Networks has identified vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. These vulnerabilities involve command injection, SQL injection,...

10CVSS6.2AI score0.00872EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-56298

Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...

9.6CVSS6AI score0.00025EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56257

Name of the Vulnerable Software and Affected Versions LocalAI affected versions not specified Description An unauthenticated server-side request forgery SSRF exists in the 'POST /models/apply' endpoint. This occurs because the endpoint passes unsanitized gallery URL fields to the...

9.2CVSS6.1AI score0.0036EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
NVD
NVD
added 6 days ago9 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2025-53828

CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-44936

CVE-2026-44936 describes an SSRF risk in SUSE Rancher Fleet’s bundle reader when the helmRepoURLRegex field is not set on a GitRepo. The vulnerability allows forwarding Helm authentication credentials (BasicAuth) to any URL specified in the fleet.yaml helm.repo field, potentially leaking admin cr...

5CVSS6AI score0.00386EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago15 views

CVE-2026-55994

The CVE concerns Apache Camel Iggy: an attacker publishing to the Iggy stream can inject Camel control headers into inbound messages because the consumer maps external user-headers into the Exchange header map without a HeaderFilterStrategy. This enables Server-Side Request Forgery (SSRF) by redi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41849

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-48203

CVE-2026-48203 affects Apache Camel’s Solr component. The vulnerability arises because SolrParam.* and SolrField.* headers are copied into Solr request parameters and indexed fields without respecting the Camel/HTTP header boundary, enabling an unauthenticated HTTP client to inject arbitrary Solr...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-46726

Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-46726

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References2Affected Software1
OSV
OSV
added 6 days ago3 views

BIT-MASTODON-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS6AI score0.00232EPSS
Exploits0References2
Rows per page
Query Builder