
7 matches found

CVE
added 2026/05/14 9:2 p.m., 7 views

CVE-2026-44430

CVE-2026-44430 affects the MCP Registry: unauthenticated SSRF via the HTTP namespace verification that dials attacker-controlled domains. The root cause is an allowlist that only covers classic IPv4-derived categories and a manual CGNAT range, while omitting IPv6 prefixes that embed IPv4—specific...

6.3 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/28 2:26 a.m., 1 view

CVE-2025-12886 Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...

7.2 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/06 5:56 p.m., 0 views

CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF...

8.7 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/03 12:0 a.m., 2 views

RockyLinux 8 : idm:DL1 (RLSA-2025:21140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21140 advisory. python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088); python-kdcproxy: Remote DoS via unbounded TCP upstream buffering...

8.6 CVSS, 5.6 AI score, 0.00076 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2025/11/22 12:0 a.m., 2 views

RHEL 8 : idm:DL1 (RHSA-2025:21819)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21819 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...

8.6 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits: 0, References: 6
Rockylinux
added 2025/11/21 6:19 p.m., 2 views

python-kdcproxy security update

An update is available for python-kdcproxy. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...

8.6 CVSS, 7 AI score, 0.00076 EPSS
Exploits: 0
Cvelist
added 2025/10/03 12:0 a.m., 4 views

CVE-2025-55971

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP...

0.00047 EPSS
Exploits: 1, References: 2