72 matches found

NVD
added 2026/03/27 3:16 p.m. · 0 views

CVE-2026-30637

A Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS · 0.00232 EPSS
Exploits 1 · References 1
Veracode
added 2026/03/25 9:30 a.m. · 2 views

Exposed Dangerous Method Or Function

MCP Gateway is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to lack of protection in SSE or streaming transport modes, which allows an attacker to exploit browser-based requests via a malicious website to interact with internal MCP servers...

9.6 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2026/01/09 11:25 a.m. · 3 views

CVE-2021-28910

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server...

7.5 CVSS · 7.1 AI score · 0.01219 EPSS
Exploits 0 · References 1
CVE
added 2025/12/23 10:59 p.m. · 17 views

CVE-2025-68696

CVE-2025-68696 affects the httparty gem (versions ≤ 0.23.2). The vulnerability is SSRF that can lead to leakage of API keys and allow third parties to issue requests to internal servers. Details across connected sources confirm the affected component (httparty), the root cause (SSRF in SSRF-prone...

8.8 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2025/12/23 10:59 p.m. · 2 views

CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

8.8 CVSS · 6.5 AI score · 0.00068 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/12/23 12:00 a.m. · 3 views

PT-2025-52864

Name of the Vulnerable Software and Affected Versions: httparty versions prior to 0.23.2. Description: httparty is susceptible to a Server-Side Request Forgery (SSRF) condition in versions 0.23.2 and earlier. This issue could lead to the disclosure of API keys and enable unauthorized requests to...

8.8 CVSS · 6.3 AI score · 0.00068 EPSS
Exploits 1 · References 11
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-14044

Malware in sbrugna...

8.2 CVSS · 6.9 AI score · 0.00209 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-16544

Malware in sbrugna...

6.5 CVSS · 6 AI score · 0.00144 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-46430

Malicious code in bioql PyPI...

8.3 CVSS · 8.4 AI score · 0.00106 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-20190

Malicious code in bioql PyPI...

7.3 CVSS · 7.6 AI score · 0.00226 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-3113

Malicious code in bioql PyPI...

9.8 CVSS · 8.6 AI score · 0.02591 EPSS
Exploits 1 · References 4
CVE
added 2025/07/07 4:52 a.m. · 14 views

CVE-2025-53473

CVE-2025-53473 is a server-side request forgery (SSRF) vulnerability reported in Nimesa Backup and Recovery. Public sources identify multiple affected branches and versions, including prior to v3.0.2025062305, v2.3, and v2.4, with the risk of unintended requests being sent to internal serv...

7.3 CVSS · 7.4 AI score · 0.00226 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/07/07 4:52 a.m. · 4 views

CVE-2025-53473

A server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery. If this vulnerability is exploited, unintended requests may be sent to internal servers...

7.3 CVSS · 7.3 AI score · 0.00226 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/07/07 12:00 a.m. · 1 views

PT-2025-28129 · Unknown · Nimesa Backup/Recovery

Name of the Vulnerable Software and Affected Versions: Nimesa Backup and Recovery (affected versions not specified). Description: A server-side request forgery (SSRF) issue exists, which may allow unintended requests to be sent to internal servers if exploited. Recommendations: At the moment, there is...

7.3 CVSS · 7.2 AI score · 0.00226 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/05/23 10:42 a.m. · 3 views

CVE-2024-47167

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

9.8 CVSS · 6.6 AI score · 0.00236 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 4:58 a.m. · 5 views

CVE-2023-6974

A malicious user could use this issue to access internal HTTP(s) servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine...

9.8 CVSS · 7.7 AI score · 0.02591 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 4:36 p.m. · 10 views

CVE-2020-28978

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...

5.3 CVSS · 7 AI score · 0.10409 EPSS
Exploits 3
Huntr
added 2025/03/19 1:07 p.m. · 5 views

unsanitised Input in code node

Description: We can run a sandboxed code node with full permissions, before the sandbox security restrictions are imposed. JavaScript allows overriding global functions, thus by defining the parseInt function inside a JavaScript code node, we are able to execute code with full root permissions o...

9.8 CVSS · 7.6 AI score · 0.00822 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 6:20 a.m. · 7 views

CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6 CVSS · 8.6 AI score · 0.00301 EPSS
Exploits 1 · References 1
Veracode
added 2024/10/16 10:57 a.m. · 4 views

Server-Side Request Forgery (SSRF)

Gradio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to SSRF in the /queue/join endpoint, allowing attackers to exploit the asyncsaveurltocache function to make HTTP requests to user-controlled URLs. This can enable attackers to target internal servers, exfiltrate...

9.8 CVSS · 6.7 AI score · 0.00236 EPSS
Exploits 0 · References 3 · Affected Software 1