Lucene search
K

121662 matches found

GithubExploit
GithubExploit
added 2026/03/31 2:18 p.m.158 views

Exploit for Server-Side Request Forgery in Useplunk Plunk

CVE-2026-32096 SSRF via unvalidated AWS SNS SubscriptionCon...

9.3CVSS6AI score0.00273EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/31 1:43 p.m.3 views

CVE-2026-34162 FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS5.8AI score0.00416EPSS
Exploits1References4
CVE
CVE
added 2026/03/31 1:43 p.m.12 views

CVE-2026-34163

FastGPT prior to v4.14.9.5 exposes a Server-Side Request Forgery via MCP Tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool, which accept a user-supplied URL and perform server-side requests without validating internal/private addresses. Although an isInternalAddre...

7.7CVSS5.8AI score0.00283EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/31 1:43 p.m.3 views

EUVD-2026-17447

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

7.7CVSS5.8AI score0.00283EPSS
Exploits1References4
OSV
OSV
added 2026/03/31 1:43 p.m.2 views

CVE-2026-34163 Server-Side Request Forgery via MCP Tools Endpoint in FastGPT

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

7.7CVSS5.8AI score0.00283EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/31 12:31 p.m.3 views

EUVD-2026-17367

The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce validation on the 'minifyhtmlmenuoptions' function. This makes it possible for unauthenticated attackers to update plugin settin...

5.4CVSS5.8AI score0.00154EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 12:19 p.m.10 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they...

9.8CVSS7.3AI score0.0115EPSS
Exploits2Affected Software1
NVD
NVD
added 2026/03/31 12:16 p.m.6 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00302EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/31 11:29 a.m.25 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00302EPSS
Exploits0References5
CVE
CVE
added 2026/03/31 11:29 a.m.16 views

CVE-2026-4267

The CVE-2026-4267 issue affects the WordPress Query Monitor plugin (versions up to 3.20.3). It allows Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that exec...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:29 a.m.3 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/31 11:29 a.m.3 views

EUVD-2026-17397

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/31 11:29 a.m.2 views

CVE-2026-4267 Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/31 9:31 a.m.3 views

EUVD-2026-17333

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

5.8CVSS5.9AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 9:1 a.m.6 views

CLSA-2026-1774947708 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 8:47 a.m.6 views

CLSA-2026-1774946829 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/03/31 8:47 a.m.7 views

squid: Fix of 3 CVEs

CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...

9.2CVSS5.9AI score0.08942EPSS
Exploits0
OSV
OSV
added 2026/03/31 8:46 a.m.5 views

CLSA-2026-1774874764 squid: Fix of 3 CVEs

CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...

9.2CVSS5.8AI score0.08942EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 6:31 a.m.3 views

EUVD-2026-17323

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

5CVSS5.9AI score0.00258EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/31 6:16 a.m.9 views

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

5CVSS5.9AI score0.00258EPSS
Exploits1References5
Rows per page
Query Builder