CVE-2026-0560

Summary of the vulnerability (CVE-2026-0560): In parisneo/lollms

Server-side Request Forgery (SSRF)

Overview @openclaw/mattermost is an OpenClaw Mattermost channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An...

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

CVE-2026-5016

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly availabl...

CVE-2025-15604

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

SUSE CVE-2026-2455

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

CVE-2026-33766

WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by...

CVE-2026-22742

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

Server-Side Request Forgery (SSRF)

saloonphp/saloon is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of request endpoints allowing absolute URLs to override the base URL, which allows an attacker to redirect requests to malicious hosts and potentially exfiltrate sensitive data such...

CVE-2026-30637

Server-Side Request Forgery SSRF vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

CVE-2025-12886 Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...

SUSE CVE-2026-33206

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the...

SUSE CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

SUSE CVE-2026-33675

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trell...

websec-payloads

Web Security Payloads & Exploitation Reference Comprehensiv...

CVE-2026-33537

Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v SSRF via Photo::fromUrl contains an incomplete IP validation check that fails to block loopback addresses and link-local addresses. Prior to version 7.5.1, an authenticated user can still reach...

CVE-2026-33619

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to POST /tasks with a user-controlled callbackUrl, the v0.8.3...

CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network service...