Lucene search
+L

26316 matches found

Cvelist
Cvelist
added yesterday14 views

CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday10 views

CVE-2026-16074 AstrBotDevs AstrBot Plugin Update plugin.py update_all_plugins server-side request forgery

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS
Exploits0References5
CVE
CVE
added yesterday7 views

CVE-2026-16074

CVE-2026-16074 affects AstrBot up to version 4.25.2. The vulnerability lies in the function update_plugin/update_all_plugins (file astrbot/dashboard/routes/plugin.py) where manipulation of the arguments download_url/download_urls/proxy enables server-side request forgery (SSRF). Exploitation may ...

6.5CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday16 views

CVE-2026-7754

CVE-2026-7754 affects Langflow OSS versions 1.0.0–1.10.0, where SSRF protection could be disabled by default settings, allowing an authenticated user to trigger server-side requests to arbitrary URLs (including metadata endpoints). The IBM bulletin confirms the vulnerability stems from misconfigu...

7.7CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-7754 SSRF Protection Configuration Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...

7.7CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-45286

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...

7.7CVSS5.3AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-9135

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added yesterday4 views

TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard

Summary PUT /api/basemap the basemap import endpoint fetches an attacker-supplied URL server-side with no SSRF protection whatsoever. Any authenticated user can submit a JSON body "type": "...", "url": "" ; the server calls fetchurl against that URL and then reflects the response body name,...

5.6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-9135 Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added yesterday5 views

meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch

Server-Side Request Forgery SSRF in uploadadimage via Unrestricted imageurl Fetch Summary The uploadadimage MCP tool in meta-ads-mcp v1.0.113 passes an attacker-controlled imageurl parameter directly to an HTTP fetch helper httpx.AsyncClientfollowredirects=True.geturl without any scheme, host, or...

6AI score
Exploits0References4Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-63096

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-9588 Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

A stored cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997 within the voicemail notification template functionality. The submitmodifyvoicemailtemplate endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious...

7CVSS4.9AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9588

The CVE concerns Sangoma Switchvox SMB Edition 8.3 (104997). A vulnerability in the voicemail notification template functionality allows an authenticated user to submit HTML via template_text to the submit_modify_voicemail_template endpoint, which is not properly sanitized, enabling stored XSS th...

7CVSS4.9AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-63096

CVE-2026-63096 affects Dendrite up to version 0.13.8, which contains a server-side request forgery (SSRF) flaw in the legacy media download endpoint. An unauthenticated attacker can supply an unvalidated serverName parameter to trigger outbound TLS connections to arbitrary hosts/ports. Error mess...

6.9CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45194

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS5.5AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-16016

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-16016

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS7AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-16016 poco-ai poco-claw task.py run_task server-side request forgery

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-16016

The CVE-2026-16016 entry affects Poco AI’s poco-claw up to version 0.5.4. Affected component: run_task in executor/app/api/v1/task.py. Root cause: manipulation of the callback_url argument enables server-side request forgery (SSRF). Impact: remote exploitation with potential access to internal re...

7.5CVSS7AI score
Exploits0References6
Rows per page
Query Builder