Lucene search
K

679 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43434

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A server-side request forgery SSRF issue exists where an unauthenticated attacker can send crafted requests to internal services due to insufficient input validation in an upload...

9.2CVSS5.8AI score0.06552EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/05/25 11:37 p.m.16 views

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity XXE injection, which allows for the disclosure of local files or enables server-side request forgery SSRF, where the serve...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 8:19 p.m.17 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00383EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.7 views

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42735

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache2

A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash NULL pointer dereference. In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...

8.2CVSS7.2AI score0.82295EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 3:16 p.m.5 views

GHSA-JH67-HWQW-M5R7 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

9.9CVSS5.8AI score0.00061EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:51 a.m.10 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.9AI score0.00304EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

terrascan 代码问题漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the webhookurl parameter of the file...

8.7CVSS6AI score0.00499EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:41 a.m.36 views

CVE-2026-6333

Mattermost versions 11.5.x &lt;= 11.5.1 and 10.11.x

5CVSS5.8AI score0.00137EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.65 views

📄 Lobster_pro Arbitrary File Read / Server-Side Request Forgery

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP...

7.7CVSS6AI score0.0047EPSS
Exploits2
EUVD
EUVD
added 2026/05/15 8:40 p.m.14 views

EUVD-2026-30636

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5...

8.5CVSS5.8AI score0.00292EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 7:16 p.m.22 views

CVE-2021-47958

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

5.3CVSS0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 3:16 p.m.12 views

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

6.5CVSS0.00365EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/14 8:27 p.m.9 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through getcontentfromurl in retrieval/utils.py, SafeWebBaseLoader in web/base.py, and imageedits in routers/images.py. An attacker can cause the server to fetch internal...

8.5CVSS5.8AI score0.003EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:12 p.m.8 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 6:35 p.m.46 views

CVE-2026-44589 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...

3.7CVSS0.00171EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/14 6:0 p.m.11 views

Missing Authentication

github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...

10CVSS7.3AI score0.00452EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 3:46 p.m.5 views

CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint

MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadat...

9.2CVSS6AI score0.01623EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:19 p.m.9 views

CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References1
Rows per page
Query Builder