Lucene search
K

25661 matches found

CVE
CVE
added 3 hours ago5 views

CVE-2026-3576

CVE-2026-3576 affects the Planyo Online Reservation System plugin for WordPress (versions up to 3.0). The flaw is an unauthenticated Server-Side Request Forgery via the ulap_url AJAX proxy (ulap.php). The allowlist checks a host (e.g., localhost) but does not validate the URL scheme, allowing a c...

7.2CVSS6.2AI score
Exploits0References12
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-43084

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score
Exploits0References2
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday442 views

CVE-2026-55807

CVE-2026-55807 concerns a Server-Side Request Forgery in Drupal core related to the oEmbed URL discovery path within the Media module. The issue allows the server to make unauthorized requests to arbitrary URLs, as described by multiple sources. Affected Drupal core versions include 0.0.0–10.5.12...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-13233

Summary: CVE-2026-13233 is a Server-Side Request Forgery (SSRF) vulnerability in the Drupal OpenAI Provider module. The issue arises because the module does not sufficiently sanitize user-supplied URLs, enabling SSRF. Affected software: Drupal OpenAI Provider module (OpenAI as a provider for the ...

6.1AI score
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday10 views

CVE-2026-15146 CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-55641

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-15143

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday9 views

CVE-2026-55641 9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-56676

9router is affected by an image prefetch DNS rebinding vulnerability (CVE-2026-56676). Prior to v0.5.2, the application validates the image URL by DNS resolution but then performs a server-side fetch with a separate DNS lookup, enabling an authenticated attacker with access to the LLM proxy to tr...

7.4CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-15143

CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.

9.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-60091

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhookurl parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a...

7.2CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-56261

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-60091

PraisionAI before 4.6.78 is affected by an unauthenticated SSRF in the Jobs API /api/v1/runs. The webhook_url parameter is validated at request time but re-resolved at connection time, enabling DNS rebinding to reach internal services via a blind SSRF attack. CVSS metrics: CVSSv3.1 base score 7.2...

7.2CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-60091 PraisonAI before 4.6.78 Unauthenticated SSRF via webhook_url

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhookurl parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a...

7.2CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-56261

CVE-2026-56261 affects Crawl4AI prior to 0.8.7. The Docker API server endpoints /crawl/job and /llm/job accept webhook URLs without destination validation, allowing SSRF to private/internal IP ranges, Docker networks, or cloud metadata endpoints (e.g., 169.254.169.254). Potential impact is exposu...

9.2CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday9 views

CVE-2026-56261 Crawl4AI - Server-Side Request Forgery via Webhook URLs

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS
Exploits0References3
Rows per page
Query Builder