Lucene search
K

343 matches found

Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-49213 TypeBot: SSRF protection bypass via IPv6 unspecified address in Typebot HTTP request execution

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS0.00319EPSS
Exploits0References4
CVE
CVE
added last week9 views

CVE-2026-54607

FastGPT exposed an SSRF issue in the HTTP-tool OpenAPI schema importer prior to 4.15.0-beta4. The importer validates only the top-level URL before handing refs to SwaggerParser.bundle, whose resolver can fetch and inline $ref URLs bypassing FastGPT’s internal-address guard, enabling an authentica...

7.7CVSS6AI score0.00238EPSS
Exploits0References4
CVE
CVE
added last week9 views

CVE-2026-58468

NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
NCSC
NCSC
added last week6 views

Vulnerabilities found in UniFi products from Ubiquiti Networks

Ubiquiti Networks has identified vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. These vulnerabilities involve command injection, SQL injection,...

10CVSS6.2AI score0.00922EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:6 a.m.15 views

CVE-2026-48203

CVE-2026-48203 affects Apache Camel’s Solr component. The vulnerability arises because SolrParam.* and SolrField.* headers are copied into Solr request parameters and indexed fields without respecting the Camel/HTTP header boundary, enabling an unauthenticated HTTP client to inject arbitrary Solr...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.36 views

CVE-2026-55115

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF in UniFi Protect Application to escalate privileges on the host device...

9.9CVSS0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 5:16 p.m.3 views

DEBIAN-CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.27 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:38 p.m.24 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/23 5:3 p.m.6 views

EUVD-2026-38537

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.3CVSS6AI score0.00146EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51459

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An information disclosure issue exists in the Mirror Settings functionality, which allows authenticated users to import local repositories from the server filesystem. This occurs due to a lack o...

8.1CVSS5.8AI score0.00569EPSS
Exploits0References11
CVE
CVE
added 2026/06/19 5:6 p.m.18 views

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 5:55 p.m.6 views

GHSA-JRFP-M64G-PCWV Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects

Summary The SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only on the initial URL. Since Playwright automatically follows HTTP redirects 301/302 by default, an attacker c...

7.7CVSS5.5AI score0.00287EPSS
Exploits1References2
OSV
OSV
added 2026/06/16 8:13 p.m.16 views

GHSA-365W-HQF6-VXFG Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

9.8CVSS5.8AI score0.00421EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.12 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...

9.2CVSS5.3AI score0.00276EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/16 12:0 a.m.8 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite the...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/12 8:54 p.m.19 views

CVE-2026-53607

Technical details are not publicly available in the provided documents. Monitor for updates and confirm when patched versions or advisories are published.

3.7CVSS5.4AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48965

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.7.1 Description An authenticated, non-admin user can cause the server to make HEAD or GET requests to arbitrary internal hosts. This occurs because the validation rules for the url field in the "POST /api/radio/station...

6.3CVSS5.4AI score0.0016EPSS
Exploits0References4
Rows per page
Query Builder