Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45503 |
|
Vulnerability in ssrf (CVE-2026-45503)
vulnerability in ssrf (CVE-2026-45503). Confidential information can be exposed externally.
|
| CVE-2026-41854 |
|
SSRF (Server-Side Request Forgery) in spring (CVE-2026-41854)
SSRF in spring (CVE-2026-41854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11469 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-11469 (CVE-2026-11469)
SSRF in CVE-2026-11469 (CVE-2026-11469). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11437 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-11437 (CVE-2026-11437)
SSRF in CVE-2026-11437 (CVE-2026-11437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11424 |
|
Information Disclosure in ssrf (CVE-2026-11424)
vulnerability in ssrf (CVE-2026-11424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
|
| CVE-2026-47684 |
|
SSRF (Server-Side Request Forgery) in @sync-in/server (CVE-2026-47684)
SSRF in @sync-in/server (CVE-2026-47684). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-47382 |
|
SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-47382)
SSRF in nocodb (CVE-2026-47382). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-11346 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-11346)
SSRF in ssrf (CVE-2026-11346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10586 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-10586)
SSRF in wordpress (CVE-2026-10586). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43986 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
|
| CVE-2026-10771 |
|
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
|
| CVE-2026-44016 |
|
Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-26379 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-26379)
SSRF in ssrf (CVE-2026-26379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20230 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
|
| CVE-2026-10690 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10690 (CVE-2026-10690)
SSRF in CVE-2026-10690 (CVE-2026-10690). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10662 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10662 (CVE-2026-10662)
SSRF in CVE-2026-10662 (CVE-2026-10662). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49120 |
|
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
|
| CVE-2026-10583 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10583 (CVE-2026-10583)
SSRF in CVE-2026-10583 (CVE-2026-10583). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10581 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10581 (CVE-2026-10581)
SSRF in CVE-2026-10581 (CVE-2026-10581). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49139 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-49139 (CVE-2026-49139)
SSRF in CVE-2026-49139 (CVE-2026-49139). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-49138 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-49138 (CVE-2026-49138)
SSRF in CVE-2026-49138 (CVE-2026-49138). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10287 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10287 (CVE-2026-10287)
SSRF in CVE-2026-10287 (CVE-2026-10287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10280 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10280 (CVE-2026-10280)
SSRF in CVE-2026-10280 (CVE-2026-10280). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10276 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10276 (CVE-2026-10276)
SSRF in CVE-2026-10276 (CVE-2026-10276). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10274 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10274 (CVE-2026-10274)
SSRF in CVE-2026-10274 (CVE-2026-10274). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49328 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-49328)
SSRF in apache (CVE-2026-49328). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10241 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10241 (CVE-2026-10241)
SSRF in CVE-2026-10241 (CVE-2026-10241). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10517 |
|
SSRF (Server-Side Request Forgery) in github.com/quay/claircore (CVE-2026-10517)
SSRF in github.com/quay/claircore (CVE-2026-10517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10240 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10240 (CVE-2026-10240)
SSRF in CVE-2026-10240 (CVE-2026-10240). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10239 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10239 (CVE-2026-10239)
SSRF in CVE-2026-10239 (CVE-2026-10239). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10177 |
|
SSRF (Server-Side Request Forgery) in aider-chat (CVE-2026-10177)
SSRF in aider-chat (CVE-2026-10177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47268 |
|
SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
SSRF in github.com/nezhahq/nezha (CVE-2026-47268). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-48555 |
|
SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
|
| CVE-2026-44285 |
|
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
|
| CVE-2026-47260 |
|
SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
|
| CVE-2026-49372 |
|
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
|
| CVE-2026-10107 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10107 (CVE-2026-10107)
SSRF in CVE-2026-10107 (CVE-2026-10107). Confidential information can be exposed externally.
|
| CVE-2026-10068 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10068 (CVE-2026-10068)
SSRF in CVE-2026-10068 (CVE-2026-10068). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44492 |
|
Vulnerability in axios (CVE-2026-44492)
vulnerability in axios (CVE-2026-44492). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-42965 |
|
SSRF (Server-Side Request Forgery) in redhat (CVE-2026-42965)
SSRF in redhat (CVE-2026-42965). Confidential information can be exposed externally.
|
| CVE-2026-9557 |
|
SSRF (Server-Side Request Forgery) in mautic/core (CVE-2026-9557)
SSRF in mautic/core (CVE-2026-9557). Risk of unauthorized operations or information disclosure. Exploitable via ``MauticFocusBundle``. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-10052 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10052 (CVE-2026-10052)
SSRF in CVE-2026-10052 (CVE-2026-10052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49093 |
|
SSRF (Server-Side Request Forgery) in elk (CVE-2026-49093)
SSRF in elk (CVE-2026-49093). Confidential information can be exposed externally. Mitigation: upgrade to `9.3.3` or later.
|
| CVE-2026-42398 |
|
SSRF (Server-Side Request Forgery) in elk (CVE-2026-42398)
SSRF in elk (CVE-2026-42398). Confidential information can be exposed externally. Mitigation: upgrade to `9.2.8, 9.3.2` or later.
|
| CVE-2026-49129 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-49129 (CVE-2026-49129)
SSRF in CVE-2026-49129 (CVE-2026-49129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46526 |
|
SSRF (Server-Side Request Forgery) in local-deep-research (CVE-2026-46526)
SSRF in local-deep-research (CVE-2026-46526). Risk of unauthorized operations or information disclosure. Exploitable via ``validate_url``. Mitigation: upgrade to `1.6.10` or later.
|
| CVE-2026-48522 |
|
Vulnerability in pyjwt (CVE-2026-48522)
vulnerability in pyjwt (CVE-2026-48522). Risk of unauthorized operations or information disclosure. Exploitable via ``uri``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-9813 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5737 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-5737)
SSRF in wordpress (CVE-2026-5737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48153 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48153)
SSRF in @budibase/server (CVE-2026-48153). Confidential information can be exposed externally. Exploitable via ``fetchToken``. Mitigation: upgrade to `3.39.0` or later.
|