Lucene search
K

10788 matches found

Nuclei
Nuclei
added 2026/07/03 1:39 p.m.37 views

WordPress Social Warfare <3.5.3 - Cross-Site Scripting

WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, affecting Social Warfare and Social Warfare Pro. id: CVE-2019-9978 info: name: WordPress Social Warfare 3.5.3 - Cross-Site Scripting...

6.1CVSS6.8AI score0.73543EPSS
Exploits20References5
OSV
OSV
added 2026/07/02 4:54 p.m.4 views

GHSA-HCM3-8F6R-6XWG OpenClaw: Browser debug/export routes could reuse already-open blocked tabs

Summary Browser debug/export routes could reuse already-open blocked tabs. In affected versions, a caller that can reference an already-open browser tab could reuse blocked private-network tabs without reapplying the expected SSRF policy. This advisory is scoped to the named feature and...

6.5CVSS6AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 3:17 p.m.8 views

CVE-2026-55113

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:50 p.m.38 views

CVE-2026-55115

The CVE-2026-55115 entry describes a Server-Side Request Forgery (SSRF) in the UniFi Protect Application that could allow a low-privilege, network-accessible attacker to escalate privileges on the host. The available sources state the affected component as the UniFi Protect Application and identi...

9.9CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 10:30 a.m.6 views

EUVD-2026-41276

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55296

Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.18 Description Authenticated attackers can perform server-side request forgery SSRF, a flaw where the server is tricked into making requests to an unintended location. By providing malicious input to th...

8.3CVSS6.1AI score0.00235EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 9:6 p.m.2 views

GHSA-XF85-363P-868W oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

Summary oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec — registries legitimately point token requests at a separate auth endpoint e....

2.1CVSS5.9AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 7:51 p.m.38 views

CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:53 a.m.6 views

EUVD-2026-40281

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS5.7AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 9:52 a.m.8 views

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component. Mitigation Mitigation for this issue is either not availab...

4.4CVSS5.6AI score0.00105EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.6CVSS7AI score0.0217EPSS
Exploits1References10
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-384 Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...

9.9CVSS6AI score
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-577 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

9.9CVSS5.7AI score0.00061EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:37 a.m.4 views

BIT-APPSMITH-2026-55454 Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.249 views

Skype for Business 2019 (SfB) - Blind Server-side Request Forgery

Skype Pre-Auth Server-side Request Forgery SSRF vulnerability id: CVE-2023-41763 info: name: Skype for Business 2019 SfB - Blind Server-side Request Forgery author: hateshape severity: medium description: | Skype Pre-Auth Server-side Request Forgery SSRF vulnerability impact: | Unauthenticated...

5.3CVSS7AI score0.90353EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.65 views

Oracle Business Intelligence/XML Publisher - XML External Entity Injection

Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. id: CVE-2019-2616 info: name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection author: pdteam severity: high description: Oracle...

7.2CVSS7.1AI score0.92183EPSS
Exploits4References5
OSV
OSV
added 2026/06/26 9:8 p.m.4 views

GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 8:44 p.m.34 views

CVE-2026-54353 Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation

Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow validates a hostname against the blacklist before the request is sent, but the actual socket connectio...

8.5CVSS0.00202EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:58 p.m.3 views

Security Bulletin:IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)

Summary Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser an...

9.9CVSS6.6AI score0.01815EPSS
Exploits6Affected Software1
OSV
OSV
added 2026/06/26 4:36 p.m.4 views

GHSA-72F5-RR8C-R6GR Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS6AI score0.00449EPSS
Exploits0References3
Rows per page
Query Builder