CVE-2024-50337

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...

CVE-2026-1273 PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starterdummypost/ and /ultp/v3/starterimportcontent/ REST API endpoints. This makes it possible...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

PT-2026-23032

Name of the Vulnerable Software and Affected Versions @opennextjs/cloudflare affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the @opennextjs/cloudflare package. This is due to a path normalization bypass in the /cdn-cgi/image/ handler. Specifically,...

PT-2026-23113

Name of the Vulnerable Software and Affected Versions Drupal OpenID Connect / OAuth client versions prior to 1.5.0 Description A Server-Side Request Forgery SSRF issue exists in the OpenID Connect / OAuth client module of Drupal. This flaw stems from insufficient validation of data received from...

OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate certain fields coming fro...

Server-side Request Forgery (SSRF)

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the writeUrlToFile function. An attacker can access internal network resources or perform unauthorized network requests by supplying crafted URLs in t...

OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Sau Hack The Box – Sau Writeup Overview Sau is an...

CVE-2025-58405

The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into...

BIT-ELK-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2026-2269

CVE-2026-2269 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 7.0.0.3, via the download_url() function. This allows an authenticated attacker with Adminis...

Red Hat Quay 安全漏洞

Red Hat Quay is a distributed container image repository provided by the American company Red Hat. It is primarily used for building, distributing, and deploying containers. Red Hat Quay has a security vulnerability, which stems from a web interface vulnerability involving server request forgery...

OpenText Filr 安全漏洞

OpenText Filr is a file sharing and synchronization solution provided by OpenText Corporation in Canada. Versions of OpenText Filr prior to 25.1.2 have a security vulnerability caused by lack of authorization. This vulnerability allows unauthenticated users to obtain XSRF tokens and make RPC call...

Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Manual Update feature. By providing a crafted...

Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of URLs in the Scheduled Update feature. By providing a crafte...

Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of hub server URLs. By providing a crafted URL, an attacker ca...

GHSA-G99V-8HWM-G76G OpenClaw has web_search citation redirect SSRF via private-network-allowing policy

Summary Gemini websearch citation redirect resolution used a private-network-allowing SSRF policy. A citation URL redirect could target loopback/private/internal destinations and be fetched by the gateway. Impact An attacker who can influence citation redirect targets could trigger internal-netwo...

GHSA-VPJ2-69HF-RPPW OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

Summary When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication. Impact On affected deployments,...