1997 matches found

NVD | added yesterday | 7 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints...

CVSS 7.5 | Exploits: 0 | References: 1
EUVD | added yesterday | 4 views

EUVD-2026-41276

liboauth2 is vulnerable to Server-Side Request Forgery in the oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

CVSS 5.1 | AI score 5.8 | Exploits: 0 | References: 3
Nuclei | added yesterday | 27 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

CVSS 10 | AI score 7.3 | EPSS 0.39137 | Exploits: 2 | References: 5
Cvelist | added 3 days ago | 30 views

CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

CVSS 8.2 | EPSS 0.0021 | Exploits: 0 | References: 1
RedHat Linux | added 3 days ago | 6 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.6 | AI score 7 | EPSS 0.0217 | Exploits: 1 | References: 10
OSV | added 4 days ago | 5 views

PYSEC-2026-577 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary: Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

CVSS 9.9 | AI score 5.7 | EPSS 0.00061 | Exploits: 0 | References: 5
IBM Security Bulletins | added last week | 3 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)

Summary: Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2025-62718. DESCRIPTION: Axios is a promise based HTTP client for the browser an...

CVSS 9.9 | AI score 6.6 | EPSS 0.01815 | Exploits: 6 | Affected software: 1
Cvelist | added last week | 35 views

CVE-2026-28385 SSRF via image import from URL allows internal network probing by authenticated users

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

CVSS 5 | EPSS 0.00172 | Exploits: 0 | References: 2
OSV | added 2026/06/25 8:13 a.m. | 2 views

SUSE-SU-2026:2627-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

CVSS 7.4 | AI score 5.8 | EPSS 0.00379 | Exploits: 4 | References: 9
Positive Technologies | added 2026/06/25 12:00 a.m. | 9 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified). Description: An authentication bypass exists in Gitea Docker images due to the REVERSE PROXY TRUSTED PROXIES variable defaulting to . When reverse-proxy authentication is enabled, this configuration allows...

AI score 5.8 | Exploits: 2 | References: 4
CVE | added 2026/06/24 9:38 p.m. | 14 views

CVE-2026-55454

Appsmith (prior to 2.1) exposes the bundled Caddy admin API without authentication inside the container, bound to 0.0.0.0:2019. Although not exposed to the host via docker-compose, it is reachable from the Appsmith server process and can be targeted via SSRF to issue admin-API calls (e.g., POST /...

CVSS 9.9 | AI score 5.9 | EPSS 0.00328 | Exploits: 1 | References: 1 | Affected software: 1
The Hacker News | added 2026/06/24 6:50 a.m. | 10 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improp...

CVSS 8.6 | AI score 7.7 | EPSS 0.41694 | Exploits: 3
NVD | added 2026/06/23 6:18 p.m. | 8 views

CVE-2026-54018

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only ...

CVSS 7.7 | EPSS 0.00287 | Exploits: 1 | References: 1
EUVD | added 2026/06/23 6:15 p.m. | 6 views

EUVD-2026-38567

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

CVSS 8.6 | AI score 5.9 | EPSS 0.00289 | Exploits: 0 | References: 1
IBM Security Bulletins | added 2026/06/23 4:09 p.m. | 3 views

Security Bulletin: SSRF via HTTP Redirect Following in Langflow API Request Component

Summary: Langflow OSS contains an SSRF vulnerability in the API Request component allowing authenticated flow authors to read localhost/private HTTP services via redirect following. APIRequestComponent.makeapirequest validates only the initial URL with validateandresolveurl and pins DNS for the initial hostname,...

CVSS 8.5 | AI score 5.9 | EPSS 0.00195 | Exploits: 0 | Affected software: 1
NVD | added 2026/06/22 6:16 p.m. | 10 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how...

CVSS 8.8 | EPSS 0.0021 | Exploits: 0 | References: 5
Debian CVE | added 2026/06/22 3:39 p.m. | 6 views

CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...

CVSS 8.8 | AI score 6.1 | EPSS 0.00193 | Exploits: 0
AstraLinux | added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in unoconv

The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...

CVSS 7.5 | AI score 7.1 | EPSS 0.01927 | Exploits: 1 | References: 2
AstraLinux | added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in libuv1

libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...

CVSS 7.3 | AI score 6.8 | EPSS 0.02003 | Exploits: 1 | References: 2
Cvelist | added 2026/06/17 5:50 p.m. | 16 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

CVSS 7.5 | EPSS 0.00368 | Exploits: 0 | References: 4