Lucene search
K

34 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43555

CrewAI before 1.15.1 contains a server-side request forgery vulnerability in the validateurl function that performs one-shot DNS resolution and blocklist checks before returning the original URL unchanged. Attackers can bypass the security filter by supplying URLs that redirect to internal...

8.3CVSS6.1AI score0.00265EPSS
Exploits1References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42653

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS6.2AI score0.00518EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 1:56 p.m.6 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SpiderTools.validateurl process, which fails to resolve DNS hostnames before validation. An attacke...

8.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/17 5:55 p.m.6 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validateurl process. An attacker can access internal network resources and sensitive information by supplying a URL that redirects to internal addresses, bypassing the...

7.7CVSS5.9AI score0.00287EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.14 views

CVE-2026-9304

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely...

5CVSS5.3AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.14 views

cal.diy 代码问题漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier have code vulnerabilities. These vulnerabilities stem from the Logo API component file apps/web/app/api/logo/route.ts, specifically the function validateUrlForSSRF, which may lead to...

5CVSS6AI score0.00199EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/15 8:40 p.m.57 views

CVE-2026-45400 Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5...

8.5CVSS0.00292EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 8:40 p.m.4 views

CVE-2026-45400 Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. This vulnerability is fixed in 0.9.5...

8.5CVSS5.9AI score0.00292EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/14 8:27 p.m.9 views

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the validateurl function in the URL parsing and request-routing path. An attacker can reach internal or loopback targets by supplying a URL containing a backslash, tab...

8.5CVSS5.8AI score0.00292EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:19 p.m.3 views

GHSA-24C9-2M8Q-QHMH Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Summary A Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture claims without applying validateurl, allowing an attacker to force the server to make HTTP requests to interna...

7.7CVSS6AI score0.00381EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 8:18 p.m.45 views

GHSA-4V7R-F4W8-8972 Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature

SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in validateurl Summary validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call raises a ValidationError which is...

8.5CVSS5.8AI score0.00286EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.10 views

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

6AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 6:26 p.m.5 views

GHSA-7RX4-C5VX-G8W3 Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

7.1CVSS6AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017575 advisory. In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL...

5.3CVSS6.8AI score0.01945EPSS
Exploits1References4
CVE
CVE
added 2026/05/07 8:46 p.m.24 views

CVE-2026-42449

Summary: CVE-2026-42449 affects n8n-mcp SDK embedder paths where SSRF protection (SSRFProtection.validateUrlSync) fails to validate IPv4-mapped IPv6 addresses, enabling an attacker-controlled n8nApiUrl to cause the server to make HTTP requests to internal networks, cloud metadata endpoints, or lo...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 8:46 p.m.8 views

CVE-2026-42449 n8n-MCP: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

8.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 3:45 a.m.5 views

CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 3:45 a.m.24 views

EUVD-2026-26883

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

6.5CVSS5.5AI score0.00214EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/30 6:12 p.m.9 views

n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

Impact In the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in SSRFProtection.validateUrlSync had no IPv6 checks. IPv4-mapped IPv6 addresses such as http://::ffff:169.254.169.254 bypassed the cloud-metadata,...

8.5CVSS5.5AI score0.00206EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/27 9:31 p.m.10 views

mcp-url-downloader has a Server-Side Request Forgery issue

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.7AI score0.00294EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder