Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-59702 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-59702 (CVE-2026-59702)
SSRF in CVE-2026-59702 (CVE-2026-59702). Confidential information can be exposed externally. Exploitable via `POST /api/pack`.
|
| CVE-2025-53830 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53830)
SSRF in ssrf (CVE-2025-53830). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48205 |
|
Vulnerability in apache (CVE-2026-48205)
vulnerability in apache (CVE-2026-48205). Confidential information can be exposed externally.
|
| CVE-2026-48203 |
|
Vulnerability in apache (CVE-2026-48203)
vulnerability in apache (CVE-2026-48203). Confidential information can be exposed externally.
|
| CVE-2026-22874 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22874)
SSRF in ssrf (CVE-2026-22874). Confidential information can be exposed externally.
|
| CVE-2026-57100 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
SSRF in ssrf (CVE-2026-57100). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45499 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
SSRF in ssrf (CVE-2026-45499). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55115 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55115)
SSRF in ssrf (CVE-2026-55115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-55455 |
|
SSRF (Server-Side Request Forgery) in appsmith (CVE-2026-55455)
SSRF in appsmith (CVE-2026-55455). Confidential information can be exposed externally. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-54157 |
|
SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
|
| CVE-2026-50887 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
SSRF in ssrf (CVE-2026-50887). Confidential information can be exposed externally.
|
| CVE-2026-47938 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47938)
SSRF in ssrf (CVE-2026-47938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43986 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
|
| CVE-2026-9813 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9813)
SSRF in ssrf (CVE-2026-9813). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56348 |
|
SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42596 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596). Confidential information can be exposed externally. Exploitable via `POST /upload`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42864 |
|
Vulnerability in firefighter-incident (CVE-2026-42864)
vulnerability in firefighter-incident (CVE-2026-42864). Confidential information can be exposed externally. Exploitable via `POST /api/v2/firefighter/raid/jira_bot`. Mitigation: upgrade to `0.0.54` or later.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-44694 |
|
Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
|
| CVE-2026-44335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
|
| CVE-2026-8034 |
|
Vulnerability in ssrf (CVE-2026-8034)
vulnerability in ssrf (CVE-2026-8034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-40089 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
SSRF in c (CVE-2026-40089). Confidential information can be exposed externally.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-31017 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2025-11242 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
|
| CVE-2025-25785 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2025-25785)
SSRF in c (CVE-2025-25785). Confidential information can be exposed externally.
|
| CVE-2024-55875 |
|
Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
vulnerability in org.http4k:http4k-format-xml (CVE-2024-55875). Successful exploitation can lead to full system takeover. Exploitable via ``DocumentBuilderFactory``. Mitigation: upgrade to `6.50.0.0` or later.
|
| CVE-2024-25294 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-25294)
SSRF in ssrf (CVE-2024-25294). Confidential information can be exposed externally.
|
| CVE-2023-41449 |
|
SSRF (Server-Side Request Forgery) in phpkobo (CVE-2023-41449)
SSRF in phpkobo (CVE-2023-41449). Successful exploitation can lead to full system takeover.
|
| CVE-2023-35175 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-35175)
SSRF in ssrf (CVE-2023-35175). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27162 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27162)
SSRF in ssrf (CVE-2023-27162). Confidential information can be exposed externally.
|
| CVE-2023-1725 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-1725)
SSRF in ssrf (CVE-2023-1725). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40842 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-40842)
SSRF in ssrf (CVE-2022-40842). Confidential information can be exposed externally.
|
| CVE-2022-38580 |
|
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
|
| CVE-2020-25466 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-25466)
SSRF in ssrf (CVE-2020-25466). Successful exploitation can lead to full system takeover.
|
| CVE-2021-42637 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2021-42637)
SSRF in ssrf (CVE-2021-42637). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17674 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-17674)
SSRF in ssrf (CVE-2017-17674). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11291 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-11291)
SSRF in ssrf (CVE-2017-11291). Confidential information can be exposed externally.
|
| CVE-2017-0907 |
|
SSRF (Server-Side Request Forgery) in csharp (CVE-2017-0907)
SSRF in csharp (CVE-2017-0907). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0905 |
|
SSRF (Server-Side Request Forgery) in recurly (CVE-2017-0905)
SSRF in recurly (CVE-2017-0905). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0889 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-0889)
SSRF in ssrf (CVE-2017-0889). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0906 |
|
SSRF (Server-Side Request Forgery) in recurly (CVE-2017-0906)
SSRF in recurly (CVE-2017-0906). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12905 |
|
SSRF (Server-Side Request Forgery) in vebto (CVE-2017-12905)
SSRF in vebto (CVE-2017-12905). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9458 |
|
XXE (XML External Entity) in ssrf (CVE-2017-9458)
vulnerability in ssrf (CVE-2017-9458). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8794 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-8794)
SSRF in ssrf (CVE-2017-8794). Confidential information can be exposed externally.
|