Server-side Request Forgery (SSRF)

Overview pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url argument in the /index.php/admin/system/update/download process. An attacker can access internal...

GHSA-7R9J-R86Q-7G45 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist

Summary | Field | Value | |-------|-------| | Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration | | Product | Budibase | | Version | 3.30.6 latest stable as of 2026-02-25 | | Component | REST Datasource Integration + Backend-Core Blacklist...

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVE-2026-27696 changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVE-2026-27696

CVE-2026-27696 affects changedetection.io prior to 0.54.1. The SSRF vulnerability arises because is_safe_valid_url() does not validate the resolved IP against private, loopback, or link-local ranges, allowing an authenticated user (or any user when no password is configured by default) to add wat...

CVE-2026-27696

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery SSRF because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private,...

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark

Impact A vulnerability in Ghost's oEmbed mechanism allows staff users to exfiltrate data from internal systems via SSRF. Vulnerable versions This vulnerability is present in Ghost v5.99.0 to v5.130.3 to and Ghost v6.0.0 to v6.0.8. Patches v5.130.4 and v6.0.9 contain a fix for this issue. Referenc...