Lucene search
K

121638 matches found

CNNVD
CNNVD
added 2026/03/31 12:0 a.m.17 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification at the administrator plugin configuration endpoint...

8.1CVSS5.7AI score0.00233EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.20 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

0.0022EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

WordPress plugin Minify HTML 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.7AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

Admidio 跨站请求伪造漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.8, there was a cross-site request forgeing vulnerability. This...

4.3CVSS5.7AI score0.00133EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 12:0 a.m.2 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

6AI score0.0022EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Admidio 跨站请求伪造漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.8, there was a vulnerability related to cross-site request forgery. This...

7.3CVSS5.7AI score0.00169EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29373

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.40.0 Description cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body...

7.4CVSS5.9AI score0.00262EPSS
Exploits2References14
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.8 views

PT-2026-29424

Name of the Vulnerable Software and Affected Versions FastMCP versions affected versions not specified Description The OpenAPIProvider in FastMCP is susceptible to an authenticated Server-Side Request Forgery SSRF vulnerability due to insufficient URL encoding of path parameters. Specifically, th...

10CVSS6AI score0.00988EPSS
Exploits1References15
SUSE CVE
SUSE CVE
added 2026/03/30 11:27 p.m.6 views

SUSE CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References4
Anthropic
Anthropic
added 2026/03/30 11:19 p.m.43 views

ANT-2026-6DSMTXZ8 · mastodon · SSRF

ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/03/30 10:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 10:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/30 10:36 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 9:31 p.m.8 views

Duplicate Advisory: Kyverno is vulnerable to server-side request forgery (SSRF)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rggm-jjmc-3394. This link is maintained to preserve external references. Original Description Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

9.8CVSS6AI score0.00705EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/03/30 8:44 p.m.42 views

CVE-2026-4789

CVE-2026-4789 : Kyverno versions >=1.16.0 are vulnerable to SSRF via the CEL HTTP library used in CEL-based policies. The issue stems from the http.Get/http.Post functions in pkg/cel/libs/http/http.go not enforcing URL restrictions, enabling an attacker with namespace-scoped policy creation pe...

9.8CVSS5.9AI score0.00705EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/30 8:44 p.m.5 views

CVE-2026-4789 CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

5.9AI score0.00705EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/30 8:26 p.m.2 views

Server-side Request Forgery (SSRF)

Overview hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CheckDatabaseRequest.php process. An attacker can make unauthorized requests to internal or external systems ...

8.8CVSS5.9AI score0.00315EPSS
Exploits1References2
NVD
NVD
added 2026/03/30 7:16 p.m.33 views

CVE-2026-29925

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery SSRF in CheckDatabaseRequest.php...

7.7CVSS0.00315EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.8AI score0.26356EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/30 7:7 p.m.2 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7AI score0.26356EPSS
Exploits0References1
Rows per page
Query Builder