Lucene search
K

7566 matches found

CVE
CVE
added 6 days ago20 views

CVE-2026-22874

Gitea up to version 1.26.2 has incomplete SSRF protection in webhook and migration allow-list filtering (CVE-2026-22874). Affected: Gitea 1.26.x prior to 1.26.3. The issue exposes SSRF risk due to insufficient filtering in webhook and migration allow-list mechanisms. Patches addressing this belon...

9.6CVSS7.1AI score0.00464EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 6 days ago5 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6AI score0.00282EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 6 days ago8 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS6AI score0.00617EPSS
Exploits0
Snyk
Snyk
added 6 days ago5 views

Server-side Request Forgery (SSRF)

Overview @theia/core is a the main extension for all Theia-based applications, and provides the main framework for all dependent extensions. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request-service process. An attacker can access sensitive...

8.5CVSS6AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-41489

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
CVE
CVE
added 6 days ago14 views

CVE-2026-11397

The CVE-2026-11397 entry concerns the WordPress plugin WP Import Export Lite (versions

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-11397

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-11397 WP Import Export Lite <= 3.9.30 - Authenticated (Administrator+) Server-Side Request Forgery via 'file_url' Parameter

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpieimportuploadfilefromurl AJAX action. The plugin's URL downloader first calls wpsaferemoteget which correctly blocks private/reserved IP ranges, but wh...

5.5CVSS0.00235EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41442

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00644EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41443

Server-side request forgery ssrf in Azure OpenAI allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00608EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-55627

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Server-side request forgery SSRF allows an unauthorized attacker to perform spoofing over a network. SSRF is a flaw where an attacker can induce the server-side...

5.4CVSS5.9AI score0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-57100

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.00644EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 7:47 p.m.9 views

EUVD-2026-33273

Mautic Focus component Vulnerable to SSRF...

6.4CVSS5.8AI score0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 7:43 p.m.8 views

EUVD-2026-41432

AutoBangumi before 3.2.8 contains a server-side request forgery SSRF vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

6.9CVSS6AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:43 p.m.36 views

CVE-2026-59101 AutoBangumi < 3.2.8 - SSRF via /api/v1/setup/test-downloader

AutoBangumi before 3.2.8 contains a server-side request forgery SSRF vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

6.9CVSS0.00321EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:43 p.m.19 views

CVE-2026-59101

AutoBangumi

6.9CVSS6AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:41 p.m.30 views

CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 7:41 p.m.8 views

EUVD-2026-41426

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:41 p.m.6 views

CVE-2026-59095

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS5.9AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder