46 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...
Server-side Request Forgery (SSRF)
Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the FilterOutboundURL process. An attacker can access internal network resources and retrie...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a security vulnerability related to access control. This vulnerability stemmed from a bypass of the SRFI protection in the Custom Function feature, allowing...
EUVD-2026-25102
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...
CVE-2026-41297
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations during archive...
CVE-2026-41302 OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch calls to access internal resources or interact with external...
Server-side Request Forgery (SSRF)
Overview langchain-text-splitters is a LangChain text splitting utilities Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the splittextfromurl function. An attacker can access internal network resources and potentially exfiltrate sensitive data by supplying...
Server-side Request Forgery (SSRF)
Overview @frontmcp/adapters is an Adapters for the FrontMCP framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the initialize process. An attacker can access internal network resources or sensitive local files by submitting a crafted OpenAPI...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the GET /api/website/title endpoint. An attacker can access internal or restricted network resources and potentially exfiltrate sensitive information by supplying a crafted URL to the unauthenticated...
CVE-2026-31945
LibreChat (versions 0.8.2-rc2 to 0.8.2) is vulnerable to SSRF via DNS resolution in agent actions or MCP. The issue arises because prior fixes only added hostname validation and do not verify whether DNS results map to private IPs, allowing access to internal resources (e.g., internal RAG API or ...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the urlgetcontents function. An attacker can access internal network resources or cloud metadata endpoints by supplying a publ...
CVE-2026-32255
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
CVE-2026-32255
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webfetch process when environment proxy variables are configured. An attacker can access internal or private network resources by supplying...
PT-2026-21933
Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 137 Description esm.sh is susceptible to a full-response Server-Side Request Forgery SSRF issue. This allows an attacker to retrieve information from internal websites. The issue resides in the routing logic,...
CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads
Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...
CVE-2026-25991
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery SSRF vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL afte...
CVE-2026-25580
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...
📄 Mailpit Server-Side Request Forgery
A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery SSRF Advisory ID: RO-26-001 CVE ID: CVE-2026-21859 Severity: Medium...