PT-2026-29852

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get with no SSRF protections. The only validation is a file extension check .png, .jpg, etc. which is trivially...

PT-2026-29951

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery SSRF in github.com/docker/model-runner...

WordPress plugin Webmention 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Microsoft Azure Databricks 代码问题漏洞

Microsoft Azure Databricks is an open analysis platform provided by the American company Microsoft. There is a code vulnerability in Microsoft Azure Databricks, which stems from server-side request forgery. This vulnerability could allow unauthorized attackers to gain elevated privileges through...

WordPress plugin Webmention 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

FastMCP 安全漏洞

FastMCP is a MCP server building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of URL encoding for path parameters, which could lead to credential-stealing request forge attacks...

PT-2026-29907

Name of the Vulnerable Software and Affected Versions Azure Databricks affected versions not specified Description Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information abou...

CVE-2026-34383

Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user ca...

CVE-2026-34740

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG Electronic Program Guide link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...

CVE-2026-34367

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the visit endpoint of the /api/search process. An attacker can access internal network resources and retrieve their responses by submitting specially...

EUVD-2026-18011

Payload has Authenticated SSRF via Upload Functionality...

GHSA-C4XJ-X7P8-3X7Q AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

Summary The AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token. Because AVideo sets SameSite=None on session cookies, a cross-origin...

CVE-2026-34515

CVE-2026-34515 affects the AIOHTTP framework prior to 3.13.4. On Windows, the static resource handler could expose information about a NTLMv2 remote path, enabling UNC SSRF and potential credential exposure or local file read. The issue has been fixed in version 3.13.4. The CVE entry (CVE-2026-34...

CVE-2026-34746

CVE-2026-34746 concerns Payload CMS, specifically an authenticated Server-Side Request Forgery (SSRF) in the upload functionality present before version 3.79.1. The vulnerability requires an authenticated user with create or update access to an upload-enabled collection and could cause the server...

CVE-2026-34076

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

CVE-2026-34163

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

CVE-2026-34076

The CVE-2026-34076 issue is a SSRF in Clerk JavaScript’s opt-in clerkFrontendApiProxy feature. Affected packages and fix versions are: @clerk/backend (3.0.0–3.2.2; fixed in 3.2.3), @clerk/express (2.0.0–2.0.6; fixed in 2.0.7), @clerk/hono (0.1.0–0.1.4; fixed in 0.1.5), and @clerk/fastify (3.1.0–3...

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...