24846 matches found
PT-2026-45501
Name of the Vulnerable Software and Affected Versions horizon921 mcpilot version 0.1.0 Description A server-side request forgery SSRF exists in the MCP API Call Endpoint within the file client/src/app/api/mcp/call/route.ts. This issue allows a remote attacker to manipulate the serverBaseUrl...
CVE-2026-10177
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-10177
CVE-2026-10177 affects Aider-AI Aider 0.86.3, specifically the function requests.get in api_docs.py within the AWS EC2 Metadata Endpoint component. The issue enables a server-side request forgery (SSRF) and is exploitable remotely. Public disclosure has occurred, with the vulnerability categorize...
EUVD-2026-33497
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-10177 Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-10177 Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
PT-2026-45187
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...
Aider 代码问题漏洞
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a code vulnerability. This vulnerability stems from the requests.get operation in the apidocs.py file of the AWS EC2 Metadata Endpoint, which leads to server-side request forgeing...
CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php
SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...
CVE-2026-JBrowse-Injection
CVE-2026-XXXXX: JBrowse Configuration Injection via URL Parame...
CVE-2026-45373
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...
SUSE CVE-2026-49129
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
Server-side Request Forgery (SSRF)
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper URL validation the spidertools component. An attacker can access internal loopback-only HTTP...
Server-side Request Forgery (SSRF)
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
GHSA-5JH9-2H63-PW4Q CC-Tweaked has an SSRF Protection Bypass with NAT64
Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...
CC-Tweaked has an SSRF Protection Bypass with NAT64
Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...
CVE-2026-48555
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
CVE-2026-44285
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...
CVE-2026-49093
Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...