AI Threat Alert
All CVEs Papers
Severity:
Critical High Medium Low
125 results in 7ms
CVE MEDIUM CVE-2025-67743

Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

CVSS 6.3 local-deep-research View details
CVE HIGH GHSA-mrvx-jmjw-vggc

SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read

CVSS 7.1 mcp-searxng View details
CVE HIGH CVE-2026-45338

Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py

CVSS 7.7 open-webui View details
CVE HIGH GHSA-xhmj-rg95-44hv

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

CVSS 7.1 flowise-components View details
CVE HIGH CVE-2026-27826

Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

CVSS 8.2 mcp-atlassian View details
CVE MEDIUM CVE-2026-47390

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

CVSS 5.5 PraisonAI View details
CVE MEDIUM GHSA-qqvm-66q4-vf5c

Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure

flowise-components View details
CVE HIGH GHSA-rjvw-7vvw-549v

PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding

CVSS 7.2 praisonai View details
CVE HIGH GHSA-4pcv-mg8v-vrgf

PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter

CVSS 8.8 praisonaiagents View details
CVE HIGH GHSA-vxgj-xg5c-p4h7

praisonaiagents: SSRF guard validates literal IPs only and never resolves

CVSS 8.5 praisonaiagents View details
CVE HIGH CVE-2026-54008

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling

CVSS 8.5 open-webui View details
CVE HIGH GHSA-hv85-774v-26fg

auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

CVSS 8.2 auth-fetch-mcp View details
CVE HIGH CVE-2026-45310

DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

CVSS 7.4 deepseek-tui View details
CVE HIGH CVE-2026-41270

customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection

CVSS 8.3 flowise View details
CVE HIGH GHSA-6r77-hqx7-7vw8

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

CVSS 7.1 flowise-components View details
CVE HIGH CVE-2026-54353

budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation

CVSS 8.5 @budibase/backend-core View details
CVE MEDIUM GHSA-6h9p-93hq-q7h6

PraisonAI: SpiderTools redirect-target SSRF protection bypass

CVSS 6.5 praisonaiagents View details
CVE HIGH CVE-2026-54017

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

CVSS 7.7 open-webui View details
CVE HIGH CVE-2026-48146

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

CVSS 7.7 @budibase/server View details
CVE MEDIUM CVE-2026-43979

local-deep-research is Vulnerable to HTML Injection via Unescaped

CVSS 5.0 local-deep-research View details
Page 1 of 7 Next