Lucene search
K

9291 matches found

Cvelist
Cvelist
added 2026/06/24 9:36 p.m.19 views

CVE-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

5.3CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:9 p.m.15 views

CVE-2026-53945

CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...

4CVSS5.9AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:42 p.m.29 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.17 views

CVE-2026-57303

CVE-2026-57303 affects Jenkins Assembla Plugin 1.4 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. This can allow an attacker who can influence the Assembla server responses to exfiltrate secrets from the Jenkins controll...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 10:45 a.m.6 views

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.8 views

CVE-2026-11370

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00242EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-12095

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS6AI score0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.15 views

CVE-2026-12100

CVE-2026-12100 affects the WordPress URL Preview plugin. It is vulnerable to unauthenticated Server-Side Request Forgery via the url parameter in all versions up to and including 1.0. An unauthenticated attacker can cause the web application to issue requests to arbitrary locations from the web a...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52163

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A Server-Side Request Forgery SSRF issue exists in the URL component located at src/lfx/src/lfx/components/data source/url.py. This is caused by a Time-of-Check/Time-of-Use TOCTOU race...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2026/06/24 12:0 a.m.6 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...

8.7CVSS5.6AI score0.00328EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/23 9:22 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...

6.9CVSS5.8AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 8:51 p.m.27 views

CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS0.00219EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 6:15 p.m.9 views

CVE-2026-53755

CVE-2026-53755 affects Crawl4AI up to version 0.8.9. The Docker API server fails to apply SSRF checks to proxy addresses, allowing an unauthenticated attacker to specify a proxy pointing at an internal IP while using a valid crawl URL. This can route Chromium egress through the proxy to reach int...

8.6CVSS5.9AI score0.00289EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 5:3 p.m.7 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS6AI score0.00146EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/23 4:50 p.m.42 views

CVE-2026-54008 Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...

8.5CVSS0.00203EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.4 views

WordPress WP Meta SEO plugin <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Enes Ismail - Enes in WordPress Plugin WP Meta SEO versions = 4.5.18...

6.4CVSS5.8AI score0.00242EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.8 views

CVE-2026-12774

A flaw was found in BerriAI litellm. A remote attacker could exploit a Server-Side Request Forgery SSRF vulnerability in the MCP Server Connection Testing component. This flaw, specifically within the executewithmcpclient function, allows an attacker to trick the server into making unauthorized...

6.5CVSS6.5AI score0.00262EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51623

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References13
Rows per page
Query Builder