CVE-2026-53782

CVE-2026-53782 affects Summarize

EUVD-2026-32554

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Glide process. An attacker can cause the server to initiate HTTP requests to internal network addresses, potentially exposing sensitive internal resources, by supplying specially crafted URLs tha...

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...

CVE-2026-42175

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary...

GHSA-96QJ-4JJ5-WCJC Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Summary There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend...

CVE-2026-33975

CVE-2026-33975 affects Twenty-server SSRF protection in Twenty (NestJS) and can be bypassed in versions ≤ 1.18.0 by using IPv4-mapped IPv6 literals. The Node.js URL parser normalizes these to hex form (for example ::ffff:169.254.169.254 to ::ffff:a9fe:a9fe), while the isPrivateIp utility only rec...

Axios: no_proxy bypass via IP alias allows SSRF

The fix for noproxy hostname normalization bypass 10661 is incomplete.When noproxy=localhost is set, requests to 127.0.0.1 and ::1 still route through the proxy instead of bypassing it. The shouldBypassProxy function does pure string matching — it does not resolve IP aliases or loopback...

Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseurl, prepareimage and openaiaudiototext functions. An attacker can access internal resources and potentially exfiltra...

WWBN AVideo has an incomplete fix for CVE-2026-33039: SSRF

Summary The incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Affected Package - Ecosystem: Other - Package: AVideo -...

EUVD-2026-17956

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

OpenClaw affected by SSRF via unguarded image download in fal provider

Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

📄 lollms-webui Server-Side Request Forgery

A critical server-side request forgery vulnerability has been identified in lollms-webui, the web interface for Lord of Large Language and Multi modal Systems. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to force the server into making arbitrary GET requests. This can b...

CVE-2026-33126 Frigate has SSRF vulnerability in /ffprobe endpoint

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery SSRF attacks. An attacker can use the Frigate server t...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of UDM errors; when a downstream error of 400 was converted to an error of 500, it could lea...

PT-2026-23716

Name of the Vulnerable Software and Affected Versions Navtor NavBox affected versions not specified Description A remote, unauthenticated attacker can send crafted requests to the /api/ais-data endpoint, triggering an unhandled exception. This causes the server to return verbose .NET stack traces...

SUSE CVE-2025-50180

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

Server-side Request Forgery (SSRF)

Overview @opennextjs/cloudflare is a Cloudflare builder for next apps Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the cdn-cgi/image/ handler due to improper path normalization. An attacker can cause the server to fetch arbitrary remote URLs and...

CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...

CVE-2026-21902 Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...