Search Results (3802 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34936 2 Mervinpraison, Praison 2 Praisonai, Praisonai 2026-04-15 7.7 High
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server. This issue has been patched in version 4.5.90.
CVE-2026-35036 2 Ech0, Lin-snow 2 Ech0, Ech0 2026-04-15 7.5 High
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body into memory (io.ReadAll). There is no host allowlist, no SSRF filter, and InsecureSkipVerify: true on the outbound client. Anyone who can reach the instance can force the Ech0 server to open HTTP/HTTPS URLs of their choice as seen from the server’s network position (Docker bridge, VPC, localhost from the process view). This vulnerability is fixed in 4.2.8.
CVE-2026-35516 2 Kovah, Linkace 2 Linkace, Linkace 2026-04-15 5 Medium
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
CVE-2026-39361 1 Openobserve 1 Openobserve 2026-04-15 7.7 High
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets (e.g. "[::1]" not "::1"). An authenticated attacker can reach internal services blocked from external access. On cloud deployments this enables retrieval of IAM credentials via AWS IMDSv1 (169.254.169.254), GCP metadata, or Azure IMDS. On self-hosted deployments it allows probing internal network services.
CVE-2023-46945 1 Qd-today 1 Qd 2026-04-15 9.1 Critical
QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request
CVE-2026-31017 1 Frappe 3 Erpnext, Framework, Frappe 2026-04-15 9.1 Critical
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attacker can abuse this behavior to force the server to make arbitrary HTTP requests to internal services, including cloud metadata endpoints, potentially leading to sensitive information disclosure.
CVE-2025-50228 2 Cherry-toto, Jizhicms 2 Jizhicms, Jizhicms 2026-04-15 9.1 Critical
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVE-2026-30232 2 Chartbrew, Depomo 2 Chartbrew, Chartbrew 2026-04-15 9.6 Critical
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5.
CVE-2026-40168 2 Gitroom, Gitroomhq 2 Postiz, Postiz-app 2026-04-15 8.2 High
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a result, an attacker can supply a public HTTPS URL that passes validation and then redirects the server-side request to an internal resource.
CVE-2026-34445 2 Linuxfoundation, Onnx 2 Onnx, Onnx 2026-04-15 8.6 High
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.
CVE-2026-3881 2 Performance Monitor, Wordpress 2 Performance Monitor, Wordpress 2026-04-15 5.8 Medium
The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks
CVE-2026-34515 2 Aio-libs, Aiohttp 2 Aiohttp, Aiohttp 2026-04-15 7.5 High
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.
CVE-2026-2286 1 Crewai 1 Crewai 2026-04-15 9.8 Critical
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
CVE-2025-42965 2026-04-15 4.1 Medium
SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.
CVE-2022-50902 1 Wondershare 1 Famisafe 2026-04-15 8.4 High
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
CVE-2025-1211 2026-04-15 6.5 Medium
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.
CVE-2023-50733 2026-04-15 8.6 High
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
CVE-2024-0216 2026-04-15 6.4 Medium
The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVE-2024-10773 1 Sick 3 Inspector61x Firmware, Inspector62x Firmware, Tim3xx 2026-04-15 9 Critical
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.
CVE-2024-12121 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.