8 matches found

OSV
added 2026/05/19 2:44 p.m., 2 views

GHSA-Q862-GCGQ-5M6G HAXcms createSite SSRF Enables Arbitrary File Read

Summary: An authenticated Server-Side Request Forgery (SSRF) vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Details: The createSite endpoint in HAXcms...

CVSS 7.1, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 2
Snyk
added 2026/05/06 10:31 p.m., 7 views

Server-side Request Forgery (SSRF)

Overview: misp-modules is a package of MISP modules, autonomous modules that can be used for expansion and other services in MISP. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the htmltomarkdown and qrcode modules when handling remote resource fetching. An attacke...

CVSS 8.3, AI score 5.5, EPSS 0.00007
Exploits: 0, References: 2
CVE
added 2026/03/31 8:16 p.m., 4 views

CVE-2026-34367

InvoiceShelf (open-source web/mobile app) is affected by a Server-Side Request Forgery (SSRF) in the PDF generation module prior to version 2.2.0. User-supplied HTML in the Notes field is passed unsanitised to the Dompdf renderer, which fetches remote resources referenced in the markup. The vulne...

CVSS 8.7, AI score 5.8, EPSS 0.0005
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/03/27 2:13 p.m., 7 views

CVE-2026-4984

CVE-2026-4984 affects Botpress’s Twilio integration webhook handler. The vulnerability arises because the webhook accepts POST requests without validating Twilio’s X-Twilio-Signature, and when processing media messages it fetches user-controlled URLs (MediaUrlN) via HTTP requests that include the...

CVSS 8.2, AI score 5.9, EPSS 0.00008
Exploits: 0, References: 1
EUVD
added 2026/03/25 9:14 p.m., 1 view

EUVD-2026-14916

Vikunja has an SSRF via Todoist/Trello migration file attachment URLs that allows reading internal network resources...

CVSS 6.4, AI score 5.8, EPSS 0.00053
Exploits: 1, References: 4
Positive Technologies
added 2025/12/16 12:00 a.m., 2 views

PT-2025-51766

Name of the Vulnerable Software and Affected Versions: Ctera Portal versions 8.1.x 8.1.1417.24. Description: A Server-Side Request Forgery (SSRF) issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...

CVSS 7.5, AI score 6.7, EPSS 0.00058
Exploits: 0, References: 6
Red Hat CVE
added 2025/05/22 5:43 p.m., 7 views

CVE-2020-14160

An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...

CVSS 7.5, AI score 6.7, EPSS 0.00526
Exploits: 0
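The SSRF entries above (HAXcms, misp-modules, InvoiceShelf, Botpress, Vikunja, Ctera Portal, Gotenberg) share one failure mode: the server issues an HTTP request to a URL, or to a resource referenced from HTML, that the user controls. The following is an added example, not code from any of those projects or from this listing: a Python URL guard that rejects non-HTTP schemes (so file:// reads are off the table), embedded credentials, and any host that resolves to a non-global address (loopback, RFC 1918, link-local such as 169.254.169.254, ULA, IPv4-mapped IPv6), and, for the Botpress case, a webhook handler that verifies X-Twilio-Signature first (HMAC-SHA1 over the request URL followed by the sorted POST parameters, base64-encoded, as Twilio documents it) and only then vets each MediaUrlN. The DNS table, hostnames, auth token, webhook URL and public address are constructed fixtures so the example runs offline; `is_safe_url`, `handle_media_webhook` and the other names are this example's own.

```python
import base64
import hashlib
import hmac
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host):
    """Resolve a hostname to every A/AAAA address the OS returns."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_url(url, resolver=system_resolver):
    """True only if fetching `url` cannot reach local or internal targets.

    Rejects non-HTTP schemes (file://, gopher://, dict://, ...), embedded
    credentials, and any hostname that resolves to a non-global address.
    Every address the name resolves to must be global; unresolvable hosts
    are treated as unsafe (fail closed).
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    try:
        addresses = {ipaddress.ip_address(host)}  # literal IP, no DNS needed
    except ValueError:
        try:
            addresses = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError, KeyError):
            return False
    if not addresses:
        return False
    for addr in addresses:
        # ::ffff:10.0.0.5 must be judged as 10.0.0.5, not as an IPv6 address
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if not addr.is_global:
            return False
    return True


def twilio_signature(auth_token, url, params):
    """X-Twilio-Signature for a POST webhook: HMAC-SHA1 (key = auth token)
    over the full request URL followed by each POST parameter, sorted by
    name, written as name+value with no separators; base64-encoded."""
    payload = url + "".join(k + v for k, v in sorted(params.items()))
    digest = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_twilio_signature(auth_token, url, params, header_value):
    expected = twilio_signature(auth_token, url, params)
    return hmac.compare_digest(expected, header_value or "")


def handle_media_webhook(auth_token, url, params, header_value, resolver=system_resolver):
    """Order matters: authenticate the sender first, then vet every MediaUrlN
    before any HTTP request is made with it. Returns (status, urls)."""
    if not verify_twilio_signature(auth_token, url, params, header_value):
        return "bad-signature", []
    count = int(params.get("NumMedia", "0"))
    media = [params[f"MediaUrl{i}"] for i in range(count) if f"MediaUrl{i}" in params]
    unsafe = [m for m in media if not is_safe_url(m, resolver)]
    if unsafe:
        return "unsafe-media-url", unsafe
    return "ok", media


# Constructed fixture (not from any advisory): a fake DNS table so the
# example runs offline. 93.184.216.34 stands in for an ordinary public host.
FAKE_DNS = {
    "cdn.example.com": {"93.184.216.34"},
    "localhost": {"127.0.0.1"},
    "internal.corp": {"10.0.0.5"},
    "metadata": {"169.254.169.254"},
}


def fake_resolver(host):
    return FAKE_DNS[host]  # KeyError for unknown hosts -> treated as unsafe


if __name__ == "__main__":
    # Hypothetical token and webhook URL; the signature is computed the way
    # Twilio would compute it for this request.
    url = "https://bot.example.com/twilio/webhook"
    params = {"From": "+15550100", "NumMedia": "1", "MediaUrl0": "http://metadata/latest/"}
    sig = twilio_signature("example-auth-token", url, params)
    print(handle_media_webhook("example-auth-token", url, params, sig, fake_resolver))
```

Two caveats a reviewer would raise against this guard on its own: HTTP clients follow redirects by default, so a public URL can 302 to an internal one; disable automatic redirects and run `is_safe_url` on every hop. And a name checked here can be re-resolved to a different address when the client connects (DNS rebinding); the robust form resolves once, connects to that IP, and sends the original hostname in the Host/SNI fields. An egress allow-list at the network layer is the backstop for both.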
OSV
added 2018/06/04 7:29 p.m., 4 views

CVE-2017-16040

gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the...

CVSS 8.1, AI score 6.3, EPSS 0.00735
Exploits: 0, References: 1