CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/16 8:13 p.m.•7 views

GHSA-365W-HQF6-VXFG Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

9.8CVSS5.8AI score

GitLab Advisory Database•added 2026/06/16 12:0 a.m.•8 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...

9.2CVSS5.3AI score

Exploits0References3Affected Software1

CVE•added 2026/06/12 8:54 p.m.•11 views

CVE-2026-53607

Technical details are not publicly available in the provided documents. Monitor for updates and confirm when patched versions or advisories are published.

3.7CVSS5.4AI score0.00207EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-48965

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.7.1 Description An authenticated, non-admin user can cause the server to make HEAD or GET requests to arbitrary internal hosts. This occurs because the validation rules for the url field in the "POST /api/radio/station...

6.3CVSS5.4AI score0.0016EPSS

Cvelist•added 2026/06/11 5:16 p.m.•24 views

CVE-2026-46697 Fediverse Embeds: Unauthenticated SSRF / open proxy via REST media-proxy endpoint

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS0.00241EPSS

Cvelist•added 2026/06/10 8:27 p.m.•26 views

CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6CVSS0.00269EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•12 views

PT-2026-48274

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...

10CVSS6.2AI score0.00449EPSS

Exploits0References6

GithubExploit•added 2026/06/08 4:1 a.m.•53 views

PHANTOM_CTF_HACKINGCLUB_BY_BSIDESRECIFE

Phantom — CTF Writeup & Exploit HackingClub / BSides Recife...

5.5AI score

Exploits0

RedhatCVE•added 2026/06/06 12:43 p.m.•12 views

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS

NVD•added 2026/06/05 7:16 p.m.•10 views

CVE-2026-46393

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enablin...

7.1CVSS0.00238EPSS

RedhatCVE•added 2026/06/05 7:15 p.m.•6 views

CVE-2026-20035

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

7.2CVSS5.7AI score0.00427EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•11 views

PT-2026-46932

5.3CVSS5.6AI score0.00226EPSS

Tenable Nessus•added 2026/06/04 12:0 a.m.•8 views

JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...

8.2CVSS5.6AI score0.00287EPSS

Cvelist•added 2026/06/02 6:5 p.m.•29 views

CVE-2026-49120 Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS0.00229EPSS

Packet Storm•added 2026/06/01 12:0 a.m.•52 views

📄 dmonitor 1.0.3 Server-Side Request Forgery / Redis Enumeration

Proof of concept demonstration exploit for dmonitor version 1.0.3 that leverages an unauthenticated server-side request forgery vulnerability to demonstrate redis access and data enumeration...

5.8AI score

Exploits0

Vulnrichment•added 2026/05/29 7:59 a.m.•9 views

CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00194EPSS