Lucene search
K

56159 matches found

NVD
NVD
added 2026/07/02 11:16 p.m.11 views

CVE-2026-45499

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS0.00608EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 11:16 p.m.31 views

CVE-2026-57100

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS0.0063EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:18 p.m.8 views

CVE-2026-45499

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 7:41 p.m.14 views

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 4:0 p.m.14 views

EUVD-2026-36318

OpenClaw's browser act interactions could bypass private-network navigation checks...

7.7CVSS5.8AI score0.00247EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.36 views

CVE-2026-55115

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF in UniFi Protect Application to escalate privileges on the host device...

9.9CVSS0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.6 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:50 p.m.6 views

EUVD-2026-41394

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.34 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

7.7CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.38 views

CVE-2026-57766 WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...

8.8CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:16 a.m.8 views

EUVD-2026-41315

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.15 views

CVE-2026-57759

CVE-2026-57759: Unauthenticated CSRF in WordPress ProfileGrid plugin (versions

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.20 views

CVE-2026-57761

CVE-2026-57761 concerns the WordPress theme SEOWP, affected in versions &lt;= 3.12.2. The vulnerability is described as Unauthenticated CSRF . Several connected sources also frame the issue as a CSRF leading to Stored XSS in SEOWP

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:16 a.m.5 views

EUVD-2026-41314

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...

8.1CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41290

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.8 views

CVE-2026-57681

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 10:30 a.m.20 views

CVE-2026-54430

liboauth2 is affected by a Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads signer and kid from the unverified JWT header; if the signer matches the configured ARN, the kid is appended to alb_base_url without URL encoding or path sanitizat...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder