Lucene search

121698 matches found

NVD
added 2026/03/26 11:16 p.m. | 7 views

CVE-2026-4902

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVSS 9 | EPSS 0.00632
Exploits 1 | References 5
Vulnrichment
added 2026/03/26 11:11 p.m. | 3 views

CVE-2026-4905 Tenda AC5 POST Request WifiWpsOOB formWifiWpsOOB stack-based overflow

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVSS 9 | AI score 7.6 | EPSS 0.00632
Exploits 1 | References 5
ATTACKERKB
added 2026/03/26 11:11 p.m. | 3 views

CVE-2026-4905

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2026/03/26 11:11 p.m. | 2 views

CVE-2026-4904 Tenda AC5 POST Request setcfm formSetCfm stack-based overflow

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

CVSS 9 | AI score 7.9 | EPSS 0.00746
Exploits 1 | References 5
ATTACKERKB
added 2026/03/26 11:11 p.m. | 2 views

CVE-2026-4904

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

CVSS 9 | AI score 8.1 | EPSS 0.00746
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2026/03/26 11:3 p.m. | 5 views

CVE-2026-1015

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00207
Exploits 0 | References 1
Cvelist
added 2026/03/26 10:30 p.m. | 23 views

CVE-2026-4903 Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

CVSS 9 | EPSS 0.05461
Exploits 1 | References 5
CVE
added 2026/03/26 10:30 p.m. | 8 views

CVE-2026-4903

CVE-2026-4903 affects the Tenda AC5 (firmware 15.03.06.47). The vulnerability is in the POST /goform/QuickIndex handler function formQuickIndex, where manipulating the PPPOEPassword argument triggers a stack-based buffer overflow. The attack can be mounted remotely, with the exploit published and...

CVSS 9 | AI score 8.1 | EPSS 0.05461
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/03/26 10:30 p.m. | 21 views

CVE-2026-4902 Tenda AC5 POST Request addressNat fromAddressNat memory corruption

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVSS 9 | EPSS 0.00632
Exploits 1 | References 5
OSV
added 2026/03/26 9:53 p.m. | 4 views

GHSA-9Q82-XGWF-VJ6H Apollo Server: Browser bug allows for bypass of XS-Search (read-only Cross-Site Request Forgery) prevention

Impact In a Cross-Site Request Forgery attack, untrusted web content causes browsers to send authenticated requests to web servers which use cookies for authentication. While the web content is prevented from reading the request's response due to the Cross-Origin Request Sharing CORS protocol, an...

CVSS 6.3 | AI score 6
Exploits 0 | References 6
ATTACKERKB
added 2026/03/26 9:45 p.m. | 4 views

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

CVSS 4.7 | AI score 5.9 | EPSS 0.00282
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/03/26 9:45 p.m. | 5 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

CVSS 4.7 | AI score 5.9 | EPSS 0.00282
Exploits 0 | References 5
Cvelist
added 2026/03/26 9:45 p.m. | 22 views

CVE-2026-33682 Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

CVSS 4.7 | EPSS 0.00282
Exploits 0 | References 3
RedhatCVE
added 2026/03/26 9:42 p.m. | 2 views

CVE-2026-3530

A flaw was found in the Drupal OpenID Connect / OAuth client. This Server-Side Request Forgery SSRF vulnerability allows a remote attacker to trick the server into making unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information or enable...

AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2
NVD
added 2026/03/26 9:17 p.m. | 2 views

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

CVSS 5.3 | EPSS 0.0026
Exploits 1 | References 2
Cvelist
added 2026/03/26 8:34 p.m. | 27 views

CVE-2026-33619 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

CVSS 4.1 | EPSS 0.00249
Exploits 1 | References 3
OSV
added 2026/03/26 8:33 p.m. | 3 views

GO-2026-4851 Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causin...

CVSS 6.4 | AI score 5.9 | EPSS 0.00272
Exploits 1 | References 4
OSV
added 2026/03/26 8:33 p.m. | 5 views

GO-2026-4835 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing in github.com/nats-io/nats-server

NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing in github.com/nats-io/nats-server...

CVSS 6.4 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 2
OSV
added 2026/03/26 8:33 p.m. | 4 views

GO-2026-4830 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers in github.com/nats-io/nats-server

NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers in github.com/nats-io/nats-server...

CVSS 6.4 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 2
Snyk
added 2026/03/26 8:33 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the callbackUrl parameter in the Task Scheduler process. An attacker can cause the server to make arbitrary HTTP requests to external or internal systems by supplying a crafted URL. Remediation Upgra...

CVSS 5.5 | AI score 6 | EPSS 0.00249
Exploits 1 | References 3