55965 matches found

Cvelist · added 2026/03/19 8:20 p.m. · 21 views

CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.2 · EPSS 0.0028
Exploits: 1 · References: 2

Snyk · added 2026/03/19 7:13 p.m. · 4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...

CVSS 9.1 · AI score 5.9 · EPSS 0.00431
Exploits: 1 · References: 2

OSV · added 2026/03/19 5:55 p.m. · 4 views

GHSA-Q485-CG9Q-XQ2R Improper Authentication and Origin Validation Error in pyload-ng

Summary A Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request...

CVSS 6.5 · AI score 5.9 · EPSS 0.00183
Exploits: 1 · References: 4

Github Security Blog · added 2026/03/19 5:12 p.m. · 5 views

AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources

Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...

CVSS 5 · AI score 5.9 · EPSS 0.00271
Exploits: 1 · References: 4 · Affected Software: 1

Snyk · added 2026/03/19 4:42 p.m. · 4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP request handling process. An attacker can execute unauthorized actions by sending crafted cross-site POST requests with a CORS-safelisted Content-Type, bypassing origin and content-type...

CVSS 7.1 · AI score 5.8 · EPSS 0.00178
Exploits: 0 · References: 2

EUVD · added 2026/03/19 3:31 p.m. · 3 views

EUVD-2025-208875

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 5.3 · AI score 5.9 · EPSS 0.12916
Exploits: 1 · References: 4

Microsoft CVE · added 2026/03/19 2:00 p.m. · 5 views

Microsoft Exchange Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network...

CVSS 9.9 · AI score 5.8 · EPSS 0.00539
Exploits: 0

CVE · added 2026/03/19 1:44 p.m. · 11 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02–20.24.01.001 contain a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/import/searchWeb endpoint. The url parameter enables unauthenticated attackers to force the server to access arbitrary URLs, potentially reaching internal services and im...

CVSS 7.1 · AI score 5.9 · EPSS 0.1743
Exploits: 1 · References: 3 · Affected Software: 1

OSV · added 2026/03/19 12:16 p.m. · 5 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 · AI score 6
Exploits: 0 · References: 2

Vulnrichment · added 2026/03/19 6:46 a.m. · 5 views

CVE-2026-4068 Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

CVSS 4.3 · AI score 5.8 · EPSS 0.00132
Exploits: 0 · References: 6

Cvelist · added 2026/03/19 6:46 a.m. · 23 views

CVE-2026-4068 Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

CVSS 4.3 · EPSS 0.00132
Exploits: 0 · References: 6

Patchstack · added 2026/03/19 4:42 a.m. · 3 views

WordPress Nelio Content plugin <= 4.3.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Steven Julian in WordPress Plugin Nelio Content versions <= 4.3.1...

AI score 5.9 · EPSS 0.00145
Exploits: 0 · Affected Software: 1

Github Security Blog · added 2026/03/19 3:30 a.m. · 6 views

Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirec...

CVSS 7.4 · AI score 5.7 · EPSS 0.00184
Exploits: 0 · References: 4 · Affected Software: 1

OSV · added 2026/03/19 2:16 a.m. · 3 views

CVE-2026-31989

OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...

CVSS 6.3 · AI score 5.9
Exploits: 0 · References: 2

ATTACKERKB · added 2026/03/19 1:00 a.m. · 3 views

CVE-2026-31989

OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...

CVSS 7.4 · AI score 5.8 · EPSS 0.00184
Exploits: 0 · References: 3

CVE · added 2026/03/19 1:00 a.m. · 13 views

CVE-2026-31989

CVE-2026-31989 affects OpenClaw versions prior to 2026.3.1, which contain a server-side request forgery (SSRF) vulnerability in the web_search citation redirect resolution. The issue relies on a private-network-allowing policy, enabling an attacker who can influence citation redirect targets to i...

CVSS 7.4 · AI score 5.8 · EPSS 0.00184
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist · added 2026/03/19 12:00 a.m. · 20 views

CVE-2026-30404

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...

EPSS 0.00253
Exploits: 1 · References: 2

Positive Technologies · added 2026/03/19 12:00 a.m. · 4 views

PT-2026-26363

Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description A server-side request forgery (SSRF) issue exists in Azure Cloud Shell. This allows an unauthorized attacker to elevate privileges over a network. Server-side request forgery is a web...

CVSS 10 · AI score 6 · EPSS 0.0055
Exploits: 0 · References: 8

Positive Technologies · added 2026/03/19 12:00 a.m. · 5 views

PT-2026-26355

Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability CVE: CVE-2026-26137 PT-Identifier: PT-2026-26355 Vendor: Microsoft Product: Microsoft 365 Copilot's Business Chat CVSS: 8.9 Credits: n/a Description: Server-side request forgery (SSRF) in Microsoft 365 Copilot's Business Chat allows...

CVSS 8.9 · AI score 5.8 · EPSS 0.00539
Exploits: 0 · References: 7

Positive Technologies · added 2026/03/19 12:00 a.m. · 3 views

PT-2026-26478

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description A Host Header Spoofing issue in the @local check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVSS 6.5 · AI score 6 · EPSS 0.00183
Exploits: 1 · References: 4