Lucene search
+L

357 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 10:26 p.m.10 views

CVE-2026-42346

Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU Time-of-Check-Time-of-Use vulnerability: isSafePublicHttpsUrl resolves DNS to validate the target IP, but subsequent fetch calls...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 7:29 p.m.3 views

CVE-2026-42180 Lemmy: SSRF in /api/v3/post via Webmention dispatch

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controll...

6.3CVSS6AI score0.00184EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

Flarum 路径遍历漏洞

Flarum is an open-source forum software developed by Flarum for building communities. Versions of Flarum prior to 1.8.16 and 2.0.0-rc.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of restrictions on the values of LESS configuration variables, which could lea...

4.9CVSS5.9AI score0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

2.3CVSS5.9AI score0.00228EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:36 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

9.9CVSS5.8AI score0.01161EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:57 a.m.11 views

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/07 12:57 a.m.24 views

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/06 6:30 p.m.16 views

EUVD-2026-27848

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...

7.2CVSS6AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 8:29 p.m.11 views

GHSA-J4RJ-2JR5-M439 ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs

Summary ssrfcheck v1.3.0 latest fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 7:22 p.m.4 views

CVE-2026-34084 PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...

9.2CVSS7.7AI score0.00712EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/05 7:19 p.m.15 views

CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37295

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description An authenticated user can configure a donation-notification webhook URL to point to internal, loopback, or metadata hosts, such as http://127.0.0.1:8080/ or http://169.254.169.254/latest/. When...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

4.4CVSS5.9AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 4:55 p.m.8 views

CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

5.8AI score0.00515EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-39087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntfy before 2.22.0 allows SSRF because of an unanchored regular expression for web push endpoint URLs. CVE-2026-39087 Note that Nessus relies on the presence of...

9.8CVSS6.1AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.13 views

Apache OpenNLP 代码问题漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURESECUREPROCESSING or disabling DTD processing during the...

9.1CVSS5.9AI score0.00515EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36756

A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.34 views

CVE-2026-36759

A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...

0.00209EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/29 6:40 a.m.16 views

Improper Input Validation

org.springframework.security:spring-security-oauth2-authorization-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of client metadata fields during dynamic client registration, which allows an attacker to register a malicious client and exploi...

9.6CVSS5.2AI score0.00425EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:48 p.m.16 views

OpenClaw: QQBot direct media upload skipped URL SSRF validation

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact The QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured...

6.3CVSS5.5AI score0.00236EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder