Lucene search
K

803 matches found

Nuclei
Nuclei
added yesterday116 views

Versa Concerto API Path Based - Authentication Bypass

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources. id: CVE-2025-34027 info:...

10CVSS7.1AI score0.35993EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-44515

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS6.3AI score0.00227EPSS
Exploits0References7
NVD
NVD
added 2 days ago4 views

CVE-2026-15750

A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...

7.5CVSS0.00227EPSS
Exploits0References6
CVE
CVE
added 2 days ago9 views

CVE-2026-15750

CVE-2026-15750 affects the project: mastergo-design / mastergo-magic-mcp, specifically the mcp__getComponentLink component. The vulnerable element is the function z.string in the file src/tools/get-component-link.ts . The issue arises from manipulating the argument url , enabling a server‑side re...

7.5CVSS6.3AI score0.00227EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago177 views

Docassemble - Local File Inclusion

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS6.9AI score0.69486EPSS
Exploits2References3
NVD
NVD
added 2 days ago6 views

CVE-2026-15619

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function webfetch of the file tools/toolwebfetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploi...

7.5CVSS0.00252EPSS
Exploits0References6
CVE
CVE
added 3 days ago13 views

CVE-2026-15525

CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/06 10:33 a.m.12 views

CVE-2026-58467

A flaw was found in Cockpit CMS. This vulnerability, a path traversal and local file inclusion, allows an unauthenticated attacker to read arbitrary files or execute PHP files. By manipulating the URL, an attacker can bypass security checks and access restricted directories. This could lead to...

8.2CVSS6.3AI score0.00406EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.14 views

PT-2026-55793

Name of the Vulnerable Software and Affected Versions AIAnytime Awesome-MCP-Server versions up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab Description A flaw in the mcp-wiki/wiki-summary component, specifically within the mcp-wiki/src/mcp wiki/server.py file, allows for server-side request forger...

6.5CVSS6.6AI score0.00231EPSS
Exploits0References11
OSV
OSV
added 2026/06/29 5:45 a.m.3 views

CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

5.3CVSS5.5AI score0.00227EPSS
Exploits0References10
CVE
CVE
added 2026/06/25 4:16 p.m.16 views

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-12804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...

5.3CVSS5.3AI score0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 10:16 p.m.14 views

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5CVSS0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:30 p.m.7 views

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:15 p.m.7 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/01 7:45 p.m.15 views

EUVD-2026-33758

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS5.6AI score0.00294EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 7:45 p.m.27 views

CVE-2026-10287

The vulnerability affects SourceCodester SEO Meta Tag Extractor 1.0, specifically the get_headers function in /index.php. The issue arises from manipulating the url parameter, enabling server-side request forgery (SSRF) that can be initiated remotely. Exploit details have been publicly disclosed....

7.5CVSS5.6AI score0.00294EPSS
Exploits0References6
Rows per page
Query Builder