Lucene search
+L

269 matches found

nvd
nvd
added 6 days ago7 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS0.00246EPSS
Exploits0References12
cve
cve
added 2026/07/08 9:2 p.m.17 views

CVE-2026-60105

Monsta FTP before 2.14.5 contains a server-side request forgery (SSRF) in the fetchRemoteFile action due to an incomplete IP blocklist in isBlockedIP(), which fails to detect IPv4 addresses embedded in IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56613

Name of the Vulnerable Software and Affected Versions Monsta FTP versions prior to 2.14.5 Description An unauthenticated attacker can trigger a server-side request forgery SSRF by bypassing an IP blocklist. The issue occurs in the fetchRemoteFile action due to an incomplete check in the isBlocked...

8.6CVSS5.9AI score0.00353EPSS
Exploits0References9
osv
osv
added 2026/07/07 9:18 p.m.5 views

CVE-2026-55418 FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS6AI score0.00299EPSS
Exploits0References6
cve
cve
added 2026/07/03 4:30 a.m.16 views

CVE-2026-11397

The CVE-2026-11397 entry concerns the WordPress plugin WP Import Export Lite (versions

5.5CVSS5.9AI score0.00235EPSS
Exploits0References6
osv
osv
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10CVSS0.00314EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:56 p.m.7 views

EUVD-2026-40404

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10CVSS5.8AI score0.00314EPSS
Exploits0References1
ibm
ibm
added 2026/06/26 4:53 p.m.3 views

Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...

9.8CVSS7.7AI score0.01735EPSS
Exploits5Affected Software1
rubygems
rubygems
added 2026/06/26 12:0 a.m.6 views

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/17 6:39 p.m.7 views

DRUPAL-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

8.1CVSS5.5AI score0.00307EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 6:50 p.m.12 views

CVE-2026-47260 Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40002

Red Magic 11 Pro NX809J contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific...

8.8CVSS5.5AI score0.00121EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33362

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

8.6CVSS5.5AI score0.00241EPSS
Exploits0References1
github
github
added 2026/06/05 4:19 p.m.17 views

NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/05 12:53 a.m.9 views

MAL-2026-5267 Malicious code in wrangler-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d2085fa4916157b99799df085aa11e3d29bdb9a47f5798c85375b1bfdf8bd7e Package name wrangler-deploy is close to Cloudflare's official wrangler CLI, which raises confusion-risk concerns for developers who may install it...

6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.16 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.3.5 Description Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References8
nvd
nvd
added 2026/05/28 6:16 p.m.12 views

CVE-2026-45310

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetchurl tool validates the initial URL's resolved IP address against a restricted-IP blocklist isrestrictedip to prevent SSRF attacks against internal services cloud metadata endpoints, localhost, private networks...

7.4CVSS0.00226EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.24 views

PT-2026-44731

Name of the Vulnerable Software and Affected Versions Trestle affected versions not specified Description Security issues were discovered in the trestle/core/remote/cache.py module. The HTTPSFetcher. do fetch function passes a user-supplied URL directly to requests.get without validation, enablin...

6.7CVSS6.2AI score0.00012EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/05/26 8:14 p.m.17 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References1
Rows per page
Query Builder