CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24880 matches found

Tenable Nessus•added 2026/05/29 12:0 a.m.•14 views

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...

9.1CVSS7AI score0.03322EPSS

Exploits2References24

Snyk•added 2026/05/28 10:45 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Webhook connector. An attacker can access internal network resources by configuring a...

7.7CVSS5.3AI score0.00272EPSS

Exploits0References2

Snyk•added 2026/05/28 10:44 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the connector management. An attacker can access internal network resources by bypassing...

7.7CVSS5.3AI score0.0018EPSS

Exploits0References2

NVD•added 2026/05/28 9:16 p.m.•8 views

CVE-2026-9645

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

9.9CVSS0.00316EPSS

Exploits0References1

NVD•added 2026/05/28 9:16 p.m.•9 views

CVE-2026-42398

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS0.00272EPSS

Exploits0References1

Cvelist•added 2026/05/28 8:38 p.m.•28 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS0.00122EPSS

Exploits0References1

EUVD•added 2026/05/28 8:38 p.m.•9 views

EUVD-2026-33053

4.7CVSS5.8AI score0.00122EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 8:38 p.m.•7 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

4.7CVSS5.8AI score0.00122EPSS

Exploits0References1

NVD•added 2026/05/28 8:16 p.m.•10 views

CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS0.00281EPSS

Exploits0References7

OSV•added 2026/05/28 8:16 p.m.•5 views

UBUNTU-CVE-2026-49129

6.9CVSS5.8AI score0.00281EPSS

Exploits0References9

RedhatCVE•added 2026/05/28 8:12 p.m.•10 views

CVE-2026-45061

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

7.7CVSS5.8AI score0.00263EPSS

Exploits0References1

EUVD•added 2026/05/28 7:51 p.m.•7 views

EUVD-2026-33035

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS5.8AI score0.0018EPSS

Exploits0References1

CVE•added 2026/05/28 7:51 p.m.•25 views

CVE-2026-49093

CVE-2026-49093 describes a Server-Side Request Forgery (SSRF) in Kibana that can be exploited by an authenticated user with connector management privileges to bypass the operator-configured allowlist and make Kibana issue outbound requests to blocked destinations. The issue affects Kibana 9.x ver...

7.7CVSS5.8AI score0.0018EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/28 7:51 p.m.•25 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

6.3CVSS0.0018EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 7:51 p.m.•7 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

6.3CVSS5.8AI score0.0018EPSS

Exploits0References1

CVE•added 2026/05/28 7:47 p.m.•14 views

CVE-2026-42398

Kibana is affected by SSRF (CWE-918) where authenticated users with connector-management privileges can bypass the operator-configured allowlist by configuring a Webhook connector to target destinations. The issue allows outbound requests to blocked destinations as per egress controls. Affected v...

7.7CVSS5.8AI score0.00272EPSS

Exploits0References1Affected Software1