Lucene search
+L

183 matches found

NVD
NVD
added 2026/04/08 8:16 p.m.5 views

CVE-2026-39362

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...

7.1CVSS0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:34 p.m.9 views

EUVD-2026-20511

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

6.1AI score0.00236EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.7 views

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

Summary The Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL...

6.5CVSS6AI score0.0021EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/06 3:36 p.m.2 views

CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4CVSS6AI score0.00246EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Ech0 代码问题漏洞

Ech0 is a self-hosted personal microblogging platform developed by L1nSn0w. Versions of Ech0 prior to 4.2.8 had code vulnerabilities. These vulnerabilities stemmed from the GET /api/website/title endpoint, which made server-side HTTP requests to arbitrary URLs without verification. This could all...

7.2CVSS6AI score0.00289EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.7 views

CVE-2026-34360

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname,...

5.8CVSS5.8AI score0.00235EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 5:16 p.m.12 views

CVE-2026-34360

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname,...

5.8CVSS0.00235EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 4:56 p.m.7 views

CVE-2026-34360

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname,...

5.8CVSS5.8AI score0.00235EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:43 p.m.3 views

CVE-2026-34163

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

7.7CVSS5.8AI score0.00283EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained code vulnerabilities. These vulnerabilities stemmed from the HTTP tool testing endpoint /api/core/app/httpTools/runTool, which...

10CVSS5.9AI score0.00416EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.9 views

PT-2026-29163

Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.4 Description The /loadIG API endpoint in the FHIR Validator HTTP service does not properly validate user-supplied URLs provided via a JSON body before making server-side HTTP requests. This allows an...

5.8CVSS6AI score0.00235EPSS
Exploits1References7
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.13 views

FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network services...

5.8CVSS5.9AI score0.00235EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.7 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 10:16 p.m.8 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS0.00274EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 9:22 p.m.19 views

CVE-2026-33953

CVE-2026-33953 (LinkAce) : The SSRF protection in LinkAce can be bypassed via internal hostname resolution. In versions prior to 2.5.3, direct requests to private IP literals are blocked, but server-side requests to internal resources can still be triggered when those resources are referenced thr...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/27 9:22 p.m.7 views

EUVD-2026-16868

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

LinkAce 代码问题漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.3 had code vulnerabilities. These vulnerabilities stemmed from the fact that internal resources still executed server-side requests when referring ...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/26 9:30 a.m.10 views

EUVD-2026-16142

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery SSRF by manipulating the clientsessionhost parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...

3.1CVSS5.8AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 7:4 p.m.5 views

GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass

Impact The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

SuiteCRM 代码问题漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had code vulnerabilities. These vulnerabilities stemmed from the img tag in PDF templates, which could lead to server-side requests, potentially resulting in...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References2
Rows per page
Query Builder