Lucene search
+L

183 matches found

CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

centrifugo 代码问题漏洞

Centrifugo is a real-time message pushing server open-sourced by Centrifugal Labs. Versions of Centrifugo prior to 6.7.0 had code vulnerabilities. These vulnerabilities stemmed from improper configuration of dynamic JWKS endpoint URLs, which could allow unauthenticated attackers to forge...

9.3CVSS6.5AI score0.00258EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 8:16 p.m.5 views

CVE-2026-32251

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

9.3CVSS0.00424EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 7:21 p.m.2 views

CVE-2026-32251 Tolgee has an XXE Injection in Translation Import

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

9.3CVSS5.9AI score0.00424EPSS
Exploits1References3
OSV
OSV
added 2026/03/12 2:23 p.m.7 views

GHSA-FMFG-9G7C-3VQ7 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

Summary The ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional co...

5.3CVSS6AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 9:45 p.m.9 views

EUVD-2026-11414

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 9:45 p.m.14 views

CVE-2026-32133

CVE-2026-32133 concerns the 2FAuth web app versioned before 6.1.0. A blind SSRF flaw in the OTP URL’s image parameter allows authenticated users to cause the server to make arbitrary HTTP requests from internal networks and cloud metadata endpoints. The issue is triggered by insufficient validati...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/11 3:15 a.m.7 views

CVE-2026-21294

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

5.5CVSS0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 12:24 a.m.6 views

GHSA-FVCW-9W9R-PXC7 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

7.1CVSS5.8AI score0.023EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.9 views

pinchtab 代码问题漏洞

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions of Pinchtab prior to 0.7.7 contained code vulnerabilities. These vulnerabilities stemmed from the download endpoint’s server-side request forgeing, which could allow the server to make requests to arbitrary...

7.5CVSS7.4AI score0.00423EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 8:43 a.m.4 views

BIT-KIBANA-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6CVSS6.1AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 9:30 a.m.6 views

EUVD-2026-9015

An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...

7.5CVSS5.9AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 12:36 a.m.9 views

CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

6.5CVSS5.9AI score0.00281EPSS
Exploits1References4
OSV
OSV
added 2026/02/25 10:42 p.m.5 views

GHSA-X288-3778-4HHX Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

9.2CVSS5.7AI score0.00497EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/24 2:56 p.m.1 views

CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

8.6CVSS6AI score0.00235EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/19 7:22 p.m.7 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

5.3CVSS6AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20876

Name of the Vulnerable Software and Affected Versions Hyland Alfresco Transformation Service affected versions not specified Description The Hyland Alfresco Transformation Service is susceptible to exploitation allowing unauthenticated attackers to perform arbitrary file read and server-side...

9.8CVSS5.4AI score0.00544EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/14 8:26 a.m.5 views

CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...

5CVSS5.7AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin User Language Switch 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.5CVSS5.9AI score0.00335EPSS
Exploits0References5
NVD
NVD
added 2026/02/06 10:16 p.m.10 views

CVE-2026-25123

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

5.3CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 9:19 p.m.17 views

CVE-2026-25123

Homarr (open-source dashboard) prior to version 1.52.0 contains an unauthenticated tRPC endpoint widget.app.ping that accepts an arbitrary URL and performs a server-side request. This enables SSRF from the Homarr server and can be used as a port-scanning primitive (open vs closed ports inferred f...

5.3CVSS5.7AI score0.00264EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder