Lucene search
K

56068 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41290

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-54430

liboauth2 is affected by a Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads signer and kid from the unverified JWT header; if the signer matches the configured ARN, the kid is appended to alb_base_url without URL encoding or path sanitizat...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.8AI score0.00121EPSS
Exploits0
Nuclei
Nuclei
added 5 days ago89 views

DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code. id: CVE-2018-7700 info: name: DedeCMS 5.7SP2 - Cross-Site...

8.8CVSS7.6AI score0.74842EPSS
Exploits1References5
Nuclei
Nuclei
added 5 days ago78 views

Apache HTTPd Windows UNC - Server-Side Request Forgery

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new...

7.5CVSS6.6AI score0.6795EPSS
Exploits1References5
Nuclei
Nuclei
added 5 days ago77 views

Adminer <4.7.9 - Server-Side Request Forgery

Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized...

7.2CVSS7.4AI score0.90461EPSS
Exploits3References5
Nuclei
Nuclei
added 5 days ago140 views

SAP NetWeaver Development Infrastructure - Server Side Request Forgery

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9CVSS7.2AI score0.67699EPSS
Exploits0References5
Nuclei
Nuclei
added 5 days ago94 views

WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

9.8CVSS7.5AI score0.71722EPSS
Exploits6References5
Nuclei
Nuclei
added 5 days ago105 views

VMware vSphere - Server-Side Request Forgery

VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...

5.3CVSS7.2AI score0.88012EPSS
Exploits8References5
NVD
NVD
added 5 days ago8 views

CVE-2026-55791

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-55321

Name of the Vulnerable Software and Affected Versions Microsoft Entra Provisioning Service SyncFabric affected versions not specified Description Server-side request forgery SSRF in the Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a...

9.9CVSS5.9AI score0.00644EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-55319

Name of the Vulnerable Software and Affected Versions Azure OpenAI affected versions not specified Description A server-side request forgery SSRF issue exists in Azure OpenAI. This flaw allows an authorized attacker to elevate privileges over a network. SSRF is a vulnerability where an attacker c...

9.9CVSS5.9AI score0.00622EPSS
Exploits0References5
Snyk
Snyk
added 6 days ago5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41097

Cross-Site Request Forgery CSRF vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12...

7.4CVSS5.8AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago6 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

7.4CVSS5.8AI score0.00124EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 6 days ago94 views

Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery

Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...

8.8CVSS7.3AI score0.90894EPSS
Exploits0References5
CVE
CVE
added last week11 views

CVE-2026-56264

CVE-2026-56264 affects Crawl4AI prior to 0.8.7. The Docker API server’s /execute_js endpoint accepts and executes arbitrary JavaScript in the server’s browser context with --disable-web-security enabled, enabling an attacker to run arbitrary JS and, given relaxed browser security, perform server-...

9.2CVSS6.2AI score0.00521EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week12 views

CVE-2025-36324

CVE-2025-36324 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue is a server-side request forgery (SSRF) that could allow an authenticated attacker to make unauthorized requests from the system, potentially enabling network enumeration or facilitating other ...

4.3CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder