Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-59702 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-59702 (CVE-2026-59702)
SSRF in CVE-2026-59702 (CVE-2026-59702). Confidential information can be exposed externally. Exploitable via `POST /api/pack`.
|
| CVE-2026-54607 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-54607 (CVE-2026-54607)
SSRF in CVE-2026-54607 (CVE-2026-54607). Confidential information can be exposed externally.
|
| CVE-2026-59707 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-59707 (CVE-2026-59707)
SSRF in CVE-2026-59707 (CVE-2026-59707). Confidential information can be exposed externally. Exploitable via `POST /models/apply`.
|
| CVE-2026-58468 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42147 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-42147 (CVE-2026-42147)
SSRF in CVE-2026-42147 (CVE-2026-42147). Confidential information can be exposed externally.
|
| CVE-2026-34170 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-34170 (CVE-2026-34170)
SSRF in CVE-2026-34170 (CVE-2026-34170). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57573 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
|
| CVE-2026-58404 |
|
SSRF (Server-Side Request Forgery) in gohugo (CVE-2026-58404)
SSRF in gohugo (CVE-2026-58404). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
|
| CVE-2025-53830 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53830)
SSRF in ssrf (CVE-2025-53830). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53828 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53828)
SSRF in ssrf (CVE-2025-53828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55993 |
|
Vulnerability in apache (CVE-2026-55993)
vulnerability in apache (CVE-2026-55993). Confidential information can be exposed externally.
|
| CVE-2026-48205 |
|
Vulnerability in apache (CVE-2026-48205)
vulnerability in apache (CVE-2026-48205). Confidential information can be exposed externally.
|
| CVE-2026-55994 |
|
Vulnerability in apache (CVE-2026-55994)
vulnerability in apache (CVE-2026-55994). Confidential information can be exposed externally.
|
| CVE-2026-46726 |
|
Vulnerability in apache (CVE-2026-46726)
vulnerability in apache (CVE-2026-46726). Confidential information can be exposed externally.
|
| CVE-2026-48203 |
|
Vulnerability in apache (CVE-2026-48203)
vulnerability in apache (CVE-2026-48203). Confidential information can be exposed externally.
|
| CVE-2026-14748 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-14748 (CVE-2026-14748)
SSRF in CVE-2026-14748 (CVE-2026-14748). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58278 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-58278)
SSRF in ssrf (CVE-2026-58278). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57993 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57993)
SSRF in ssrf (CVE-2026-57993). Confidential information can be exposed externally.
|
| CVE-2026-57987 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57987)
SSRF in ssrf (CVE-2026-57987). Confidential information can be exposed externally.
|
| CVE-2026-58418 |
|
SSRF via HTTP Redirect in Repository Migration
SSRF via HTTP Redirect in Repository Migration
|
| CVE-2026-22874 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22874)
SSRF in ssrf (CVE-2026-22874). Confidential information can be exposed externally.
|
| CVE-2026-10055 |
|
Information Disclosure in CVE-2026-10055 (CVE-2026-10055)
vulnerability in CVE-2026-10055 (CVE-2026-10055). Confidential information can be exposed externally.
|
| CVE-2026-11397 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11397)
SSRF in wordpress (CVE-2026-11397). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57100 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
SSRF in ssrf (CVE-2026-57100). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45499 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
SSRF in ssrf (CVE-2026-45499). Successful exploitation can lead to full system takeover.
|
| CVE-2026-59101 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59101)
SSRF in ssrf (CVE-2026-59101). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/setup/test-downloader`.
|
| CVE-2026-59095 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59095)
SSRF in ssrf (CVE-2026-59095). Confidential information can be exposed externally.
|
| CVE-2026-55113 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55113)
SSRF in ssrf (CVE-2026-55113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55115 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54401 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54401)
SSRF in ssrf (CVE-2026-54401). Confidential information can be exposed externally.
|
| CVE-2026-57681 |
|
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.
|
| CVE-2026-57348 |
|
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
|
| CVE-2026-54430 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-54430 (CVE-2026-54430)
SSRF in CVE-2026-54430 (CVE-2026-54430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-14336 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-14336 (CVE-2026-14336)
SSRF in CVE-2026-14336 (CVE-2026-14336). Data can be tampered with by attackers. Exploitable via `POST /v1/upload/sbom`.
|
| CVE-2026-44936 |
|
SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44936)
SSRF in github.com/rancher/fleet (CVE-2026-44936). Risk of unauthorized operations or information disclosure. Exploitable via ``helmRepoURLRegex``. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-44937 |
|
SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44937)
SSRF in github.com/rancher/fleet (CVE-2026-44937). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-24242 |
|
SSRF (Server-Side Request Forgery) in nvidia (CVE-2026-24242)
SSRF in nvidia (CVE-2026-24242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13603 |
|
Vulnerability in CVE-2026-13603 (CVE-2026-13603)
vulnerability in CVE-2026-13603 (CVE-2026-13603). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56399 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-56399)
SSRF in ssrf (CVE-2026-56399). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36324 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-36324)
SSRF in ssrf (CVE-2025-36324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10564 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2026-10564)
SSRF in c (CVE-2026-10564). Confidential information can be exposed externally.
|
| CVE-2026-11714 |
|
SSRF (Server-Side Request Forgery) in ibm (CVE-2026-11714)
SSRF in ibm (CVE-2026-11714). Confidential information can be exposed externally.
|
| CVE-2026-10546 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10546)
SSRF in ssrf (CVE-2026-10546). Confidential information can be exposed externally.
|
| CVE-2026-13773 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13773)
SSRF in ssrf (CVE-2026-13773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11546 |
|
SSRF (Server-Side Request Forgery) in ibm (CVE-2026-11546)
SSRF in ibm (CVE-2026-11546). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10129 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-10129)
SSRF in ssrf (CVE-2026-10129). Confidential information can be exposed externally.
|
| CVE-2026-48285 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48285)
SSRF in ssrf (CVE-2026-48285). Confidential information can be exposed externally.
|
| CVE-2026-13316 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13316)
SSRF in ssrf (CVE-2026-13316). Confidential information can be exposed externally.
|
| CVE-2026-57947 |
|
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
|
| CVE-2026-56285 |
|
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
|