Lucene search
K

8 matches found

NVD
NVD
added last week5 views

CVE-2026-10564

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 7:57 p.m.12 views

CVE-2026-33126

Frigate is a network video recorder (NVR) for IP cameras. A vulnerability exists in the /ffprobe endpoint where, prior to version 0.16.3, it accepts arbitrary user-controlled URLs without proper validation, enabling Server-Side Request Forgery (SSRF). An attacker could use the Frigate server to i...

5CVSS5.9AI score0.00189EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/19 3:30 p.m.24 views

CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

6.9CVSS0.00189EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/13 11:38 a.m.6 views

Server Side Request Forgery (SSRF)

bentoml is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the file upload handlers automatically downloading files from user-provided URLs without validating their targets, which allows an attacker to make the server send arbitrary HTTP requests to internal or...

9.9CVSS7.2AI score0.11883EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/04/09 1:0 p.m.1 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:koa is a Koa web app framework Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ctx.redirect function. An attacker can execute scripts on the user's browser or redirect users to malicious sites by supplying malicious input as an achor...

5.8CVSS5.3AI score0.00228EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/13 3:19 a.m.6 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/09/09 11:20 a.m.7 views

pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...

8.8CVSS8.1AI score0.01939EPSS
Exploits0References6
Prion
Prion
added 2024/03/13 4:15 p.m.19 views

Cross site scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible fo...

5.5CVSS5.9AI score0.00613EPSS
Exploits0References5
Rows per page
Query Builder