CVE-2026-47382

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...

CVE-2026-47382

CVE-2026-47382 concerns NocoDB, where the connection-test endpoint allowed SSRF by opening a raw TCP socket to a user-supplied database host without DNS resolution and range checks. This could reach private/link-local addresses (including IPv4-mapped IPv6 and localhost) before a fix. The issue is...

CVE-2026-47382 NocoDB: Server-Side Request Forgery via Database Connection Host

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...

CVE-2026-50552

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

CVE-2026-53782 Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

PT-2026-48732

Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...

EUVD-2026-36113

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

GHSA-5G86-85RP-F9HX Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

CVE-2026-42592

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

GHSA-W43H-R5M5-P832 NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

PT-2026-47080

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'connection-test' endpoint opens a raw TCP socket to a user-supplied database host without resolving or range-checking the destination. This allows private and link-local addresses, including...

CVE-2026-49138 Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

EUVD-2026-33757

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

CVE-2026-9818

...

CVE-2026-45401

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

CVE-2026-45401 Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)

Server-Side Request Forgery SSRF Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints Summary The validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync...

CVE-2026-42592 Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...