Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the FilterOutboundURL process. An attacker can access internal network resources and retrieve sensitive information by exploiting DNS rebinding to bypass outbound URL filtering. This is only...
Server-side Request Forgery (SSRF)
Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the FilterOutboundURL process. An attacker can access internal network resources and retrie...
GHSA-RM4C-XJ6X-49MW Gotenberg has a Server-Side Request Forgery (SSRF) Issue
Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...
OpenClaw server-side request forgery vulnerability (CNVD-2026-19639)
OpenClaw is an open-source AI assistant published by the OpenClaw project. OpenClaw contains a server-side request forgery vulnerability that an attacker can exploit to gain unauthorized access to internal resources by supplying a malicious photo URL to the Zalo Bot API to bypass SSRF...
PT-2026-38584
Name of the Vulnerable Software and Affected Versions Azure Notification Service, affected versions not specified Description Server-side request forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location, in the Azure Notification Service allows an...
PT-2026-38625
Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The utcp-http plugin is subject to a blind Server-Side Request Forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location. This occurs due to a...
DivvyDrive Cross-Site Request Forgery Vulnerability
DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. DivvyDrive versions 4.8.2.9 through 4.8.3.2 contain a cross-site request forgery (CSRF) vulnerability, which could lead to cross-site...
Microsoft Azure Notification Service Code Issue Vulnerability
Microsoft Azure Notification Service is a notification delivery service provided by Microsoft Corporation in the United States. Microsoft Azure Notification Service contains a code vulnerability that stems from server-side request forgery (SSRF). This vulnerability could allow authorized attackers ...
PT-2026-38426
Name of the Vulnerable Software and Affected Versions DivvyDrive versions 4.8.2.9 through 4.8.3.1 Description DivvyDrive contains a Cross-Site Request Forgery CSRF flaw, which is a type of attack that tricks a victim into submitting a malicious request. This allows an attacker to perform actions ...
Admidio Cross-Site Request Forgery Vulnerability
Admidio is an open-source membership management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Admidio versions prior to 5.0.9 contain a cross-site request forgery (CSRF) vulnerability. This...
PT-2026-38545
A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api tools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...
monetr Security Vulnerability
Monetr is an open-source personal budget management application developed by Monetr. Monetr versions prior to 1.12.5 contain a security vulnerability that stems from server-side request forgery (SSRF) in the Lunch Flow integration, which could allow authenticated users to send HTT...
PT-2026-38623
Name of the Vulnerable Software and Affected Versions nuxt-og-image versions 6.2.5 through 6.4.8; @nuxtjs/og-image versions 6.2.5 through 6.4.8 Description An issue exists in the isBlockedUrl function where the denylist used to prevent Server-Side Request Forgery (SSRF) is incomplete. This allows...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Wallos versions 4.8.4 and earlier contain a code vulnerability due to incomplete SSRF protections: the webhook URL is verified with gethostbyname without utilizing the...
Wallos Code Issue Vulnerability
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Wallos versions prior to 4.8.1 contain a code vulnerability: the SSRF protection mechanism does not block the CGNAT address range (100.64.0.0/10), which could allow authenticated users to...
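Several entries above describe the same two weaknesses in an outbound-URL filter: an incomplete denylist (the Wallos entry whose filter omits the CGNAT range, the nuxt-og-image isBlockedUrl entry) and a check that resolves the hostname once and then lets the HTTP client resolve it again, so a changed DNS answer reaches the internal network (the Gotenberg FilterOutboundURL DNS-rebinding entries and the Wallos gethostbyname entry). The Go program below is an added example written for this page, not code from any of the projects listed; every identifier in it (blockedNets, IsBlockedIP, CheckOutboundURL, PinnedTarget, NewPinnedClient, the hook.example hostname and the 203.0.113.10 answer) is invented for illustration. It rejects a URL when any resolved address falls in a blocked range, including CGNAT, IPv4-mapped IPv6 and zoned link-local addresses, and pins the address that was checked so the later dial cannot be redirected by a second DNS answer.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
)

// Ranges an outbound-URL filter must reject. A list built from RFC 1918 plus loopback
// alone misses 100.64.0.0/10 (CGNAT), link-local, 198.18.0.0/15 and the IPv6 ranges.
var blockedNets = parsePrefixes(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15", "224.0.0.0/4",
	"240.0.0.0/4", "::/128", "::1/128", "64:ff9b::/96", "fc00::/7", "fe80::/10", "ff00::/8",
)

func parsePrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, len(cidrs))
	for i, c := range cidrs {
		out[i] = netip.MustParsePrefix(c)
	}
	return out
}

// IsBlockedIP reports whether ip lies in a range the server must never connect to. Unmap
// subjects ::ffff:10.0.0.1 to the IPv4 rules; WithZone("") matters because Prefix.Contains
// never matches an address carrying a zone such as fe80::1%eth0.
func IsBlockedIP(ip netip.Addr) bool {
	ip = ip.Unmap().WithZone("")
	for _, p := range blockedNets {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// Resolver is injected so the check runs against constructed DNS answers; in production
// pass net.DefaultResolver.LookupNetIP, which has this signature and accepts IP literals.
type Resolver func(ctx context.Context, network, host string) ([]netip.Addr, error)

// PinnedTarget is the one address that passed the check. Dialing IP rather than Host
// means a DNS answer that changes between check and connect cannot redirect the request.
type PinnedTarget struct {
	Host string // kept for the Host header and TLS SNI
	Port string
	IP   netip.Addr
}

// CheckOutboundURL validates scheme and host, resolves the host once, rejects the URL
// if any returned address is blocked, and pins the first allowed address.
func CheckOutboundURL(ctx context.Context, raw string, resolve Resolver) (*PinnedTarget, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	port, ok := map[string]string{"http": "80", "https": "443"}[u.Scheme]
	if !ok || u.Hostname() == "" {
		return nil, fmt.Errorf("refusing %q: scheme or host not allowed", raw)
	}
	if u.Port() != "" {
		port = u.Port()
	}
	ips, err := resolve(ctx, "ip", u.Hostname())
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("%s: no usable address (%v)", u.Hostname(), err)
	}
	for _, ip := range ips { // every answer must pass, not just the first
		if IsBlockedIP(ip) {
			return nil, fmt.Errorf("%s resolves to blocked address %s", u.Hostname(), ip)
		}
	}
	return &PinnedTarget{Host: u.Hostname(), Port: port, IP: ips[0].Unmap()}, nil
}

// NewPinnedClient ignores the host:port the transport derives from the URL and dials the
// pinned address; TLS still verifies against t.Host. Redirects are refused: each hop needs its own check.
func NewPinnedClient(t *PinnedTarget) *http.Client {
	return &http.Client{
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
				return (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(t.IP.String(), t.Port))
			},
		},
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
}

func main() {
	// Constructed rebinding answers: a public address on the first lookup, loopback afterwards.
	answers := []string{"203.0.113.10", "127.0.0.1"}
	rebinding := func(context.Context, string, string) ([]netip.Addr, error) {
		ip := netip.MustParseAddr(answers[0])
		answers = answers[1:]
		return []netip.Addr{ip}, nil
	}
	t, err := CheckOutboundURL(context.Background(), "https://hook.example/cb", rebinding)
	fmt.Println(t.IP, t.Port, err) // 203.0.113.10 443 <nil>; NewPinnedClient(t) dials this IP only
}
```

Two design points carry the weight here. The filter is applied to every address the resolver returns, so a name that mixes a public and an internal answer is refused rather than passed on the strength of the first record. And the address that passed the check is the only one ever dialed: the HTTP transport never resolves the hostname a second time, which is the step a DNS-rebinding attack relies on. Blocking redirects closes the remaining hop, since a permitted host can otherwise answer 302 to an internal URL that was never checked.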