PT-2026-37013

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A server-side request forgery SSRF issue exists in the browser SSRF policy that allows private-network navigation by default. This misconfiguration enables attackers to access internal services ...

PT-2026-33422

Name of the Vulnerable Software and Affected Versions cms-fuer-motorrad-werkstaetten versions prior to 1.0.1 Description The cms-fuer-motorrad-werkstaetten plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because eight AJAX deletion handlers lack nonce validation and...

PT-2026-37012

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An issue exists in the QQBot reply media URL handling that allows server-side request forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Attackers can...

PT-2026-33461

Name of the Vulnerable Software and Affected Versions prasathmani TinyFileManager versions prior to 2.7 Description An issue in the File Upload Handler component allows for server-side request forgery, a flaw where an attacker can induce the server to make requests to an unintended location. This...

PT-2026-37028

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery SSRF policy bypass exists in existing-session browser interaction routes. This allows attackers to bypass navigation guards to interact with or navigate to...

SUSE CVE-2026-39845

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

Server-side Request Forgery (SSRF)

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL parsing during Server-Side Rendering SSR. An attacker can cause the server to make arbitrary HTTP requests to...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via postCore.ts. An attacker can cause the server to make arbitrary HTTP requests to internal or external systems by injecting malicious prompt templates that...

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

Istio: SSRF via RequestAuthentication jwksUri

Impact When a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the jwksUri field of the RequestAuthentication resource. An attacker can access internal network resources by specifying a URL pointing to an internal service, causing the system to make unauthenticat...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via ExecuteFlow.ts. An attacker can cause the server to initiate HTTP requests to internal network addresses, potentially accessing sensitive management...

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the URL-fetching tool in ExecuteFlow.ts, APILoader.ts, FireCrawl.ts, SpiderApp.ts, AzureRerank.ts, Jira/core.ts, MCP/core.ts, OpenAPIToolkit.ts, and...

Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

GHSA-F8HV-G549-HWG2 Weblate: SSRF via the webhook add-on using unprotected fetch_url()

Impact The webhook add-on did not utilize existing SSRF protection. Patches https://github.com/WeblateOrg/weblate/pull/18815 Workarounds Disabling the add-on would avoid misusing this. References Thanks to @Lihfdgjr for reporting this via GitHub...

GHSA-5FHX-9JWJ-867M Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads

Impact The ALLOWEDASSETDOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. Patches https://github.com/WeblateOrg/weblate/pull/18550 References This issue was reported by @spbavarva via GitHub...

Server-side Request Forgery (SSRF)

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the screenshot upload, due to improper enforcement of domain restrictions after redirects. An attacker c...

WordPress Career Section plugin <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Ivan Cese in WordPress Plugin Career Section versions = 1.6...