121576 matches found
Cross-site Scripting (XSS)
Overview com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInputStream or getReader functions in the XssHttpServletRequestWrapper class. An attacker can inject and execute arbitrary web scripts or...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /ureport/datasource/testConnection endpoint. An authenticated user can access internal network resources by sending a malicious GET request. Remediation There is no fixed version for...
n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders
Impact In the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in SSRFProtection.validateUrlSync had no IPv6 checks. IPv4-mapped IPv6 addresses such as http://::ffff:169.254.169.254 bypassed the cloud-metadata,...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...
GHSA-5Q7P-7JGV-WW56 Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection
Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...
CVE-2026-36764
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-42430
OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in Playwright redirect handling that allows attackers to bypass strict SSRF checks. Attackers can exploit request-time navigation to reach private targets that should be restricted by browser SSRF protections...
tomcat: security constraint bypass with HTTP/0.9
A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...
CVE-2024-13971
The CVE-2024-13971 item covers Lobster_pro’s XML parser vulnerability prior to version 4.12.6-GA. The issue allows unauthenticated attackers to read files on the application server and adjacent network shares and to issue HTTP GET requests to arbitrary services via XML External Entities handling....
Server-Side Request Forgery (SSRF)
Axios is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to inadequate hostname normalization and reliance on string matching in proxy bypass logic, which allows an attacker to route local requests through a proxy instead of bypassing it...
BIT-PYTORCH-2026-4538 PyTorch pt2 Loading deserialization
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...
Null Pointer Dereference
github.com/emiago/sipgo is vulnerable to a Null pointer dereference. The vulnerability is due to missing nil checks for the To header in the NewResponseFromRequest function, which allows an attacker to exploit it by sending a malformed SIP request without a To header and crash the application...
Stream Request Bypass
Axios is vulnerable to Stream Request Bypass. The vulnerability is due to the bypassing of maxBodyLength when maxRedirects is set to 0 for stream request bodies, where oversized streamed uploads are sent fully even when the caller sets strict body limits...
SUSE CVE-2026-40560
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
EUVD-2026-26383
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
PT-2026-36187
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...