Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49372 |
|
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
|
| CVE-2026-35673 |
|
Authorization Flaw in ssrf (CVE-2026-35673)
vulnerability in ssrf (CVE-2026-35673). Confidential information can be exposed externally.
|
| CVE-2026-9557 |
|
SSRF (Server-Side Request Forgery) in mautic/core (CVE-2026-9557)
SSRF in mautic/core (CVE-2026-9557). Risk of unauthorized operations or information disclosure. Exploitable via ``MauticFocusBundle``. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-46526 |
|
SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
SSRF in local-deep-research (CVE-2026-46526). Risk of unauthorized operations or information disclosure. Exploitable via ``validate_url``. Mitigation: upgrade to `1.6.10` or later.
|
| CVE-2026-48522 |
|
Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-9813 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5737 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
SSRF in wordpress (CVE-2026-5737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48146 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-9312 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9312)
SSRF in ssrf (CVE-2026-9312). Confidential information can be exposed externally.
|
| CVE-2026-8606 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-8606)
SSRF in ssrf (CVE-2026-8606). Confidential information can be exposed externally.
|
| CVE-2026-45412 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45412)
SSRF in ssrf (CVE-2026-45412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-42335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42335)
SSRF in ssrf (CVE-2026-42335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.8.1` or later.
|
| CVE-2026-42336 |
|
Vulnerability in ssrf (CVE-2026-42336)
vulnerability in ssrf (CVE-2026-42336). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.8.1` or later.
|
| CVE-2026-2264 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2264)
SSRF in ssrf (CVE-2026-2264). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14290 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-14290)
SSRF in ssrf (CVE-2025-14290). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40564 |
|
Vulnerability in apache (CVE-2026-40564)
vulnerability in apache (CVE-2026-40564). Confidential information can be exposed externally.
|
| CVE-2026-45082 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45082)
SSRF in ssrf (CVE-2026-45082). Confidential information can be exposed externally.
|
| CVE-2026-44598 |
|
Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-48843 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48843)
SSRF in ssrf (CVE-2026-48843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3515 |
|
Vulnerability in prefect (CVE-2026-3515)
vulnerability in prefect (CVE-2026-3515). Confidential information can be exposed externally. Exploitable via ``GitHubRepository``.
|
| CVE-2026-46548 |
|
SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-46497 |
|
SSRF (Server-Side Request Forgery) in crawlee (CVE-2026-46497)
SSRF in crawlee (CVE-2026-46497). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-6394 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2026-45796 |
|
SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-47358 |
|
Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
|
| CVE-2026-47356 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
|
| CVE-2026-47357 |
|
Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46393 |
|
SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-31910 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
|
| CVE-2026-29226 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33234 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45609 |
|
SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
|
| CVE-2026-45717 |
|
Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-39053 |
|
XXE (XML External Entity) in ssrf (CVE-2026-39053)
vulnerability in ssrf (CVE-2026-39053). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44661 |
|
SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-45366 |
|
SSRF (Server-Side Request Forgery) in @utcp/http (CVE-2026-45366)
SSRF in @utcp/http (CVE-2026-45366). Risk of unauthorized operations or information disclosure. Exploitable via ``toolCallTemplate.url``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-45373 |
|
SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
SSRF in deepseek-tui (CVE-2026-45373). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.26` or later.
|
| CVE-2026-45310 |
|
SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
SSRF in deepseek-tui (CVE-2026-45310). Confidential information can be exposed externally. Exploitable via ``fetch_url``. Mitigation: upgrade to `0.8.22` or later.
|
| CVE-2026-45400 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
SSRF in open-webui (CVE-2026-45400). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
|
| CVE-2026-45347 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45347)
SSRF in open-webui (CVE-2026-45347). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/utils/pdf`. Mitigation: upgrade to `0.5.11` or later.
|
| CVE-2026-45338 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
SSRF in open-webui (CVE-2026-45338). Confidential information can be exposed externally. Exploitable via ``picture``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45012 |
|
SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
|
| CVE-2026-44520 |
|
Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
|
| CVE-2026-44515 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44515)
SSRF in ssrf (CVE-2026-44515). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `28.3.0-beta.1` or later.
|
| CVE-2026-42591 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591). Confidential information can be exposed externally. Exploitable via `GET /GOTENBERG_SSRF`.
|
| CVE-2026-42281 |
|
SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
|
| CVE-2026-0258 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-0258)
SSRF in ssrf (CVE-2026-0258). Risk of unauthorized operations or information disclosure.
|