
Source: Cvelist
Added 2026/02/25 11:51 p.m., 21 views

CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

CVSS 5.8 | EPSS 0.00468
Exploits: 1 | References: 3
Source: OSV
Added 2026/02/25 11:07 p.m., 4 views

GO-2026-4545 esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh

esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh...

CVSS 8.7 | AI score 5.5 | EPSS 0.00381
Exploits: 1 | References: 4
Source: Snyk
Added 2026/02/25 10:57 p.m., 5 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /https route handler. An attacker can access internal network resources and retrieve sensitive information by supplying a crafted domain that resolves to a loopback or private IP address, thereby...

CVSS 8.7 | AI score 5.9 | EPSS 0.00339
Exploits: 1 | References: 2
Source: OSV
Added 2026/02/25 10:57 p.m., 5 views

GHSA-P2V6-84H2-5X4R esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary: An SSRF vulnerability (CWE-918) exists in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains (for example, 127.0.0.1.nip.io resolving to 127.0.0.1). This allows a...

CVSS 8.6 | AI score 5.8 | EPSS 0.00339
Exploits: 1 | References: 6
Source: Snyk
Added 2026/02/25 10:42 p.m., 6 views

Server-side Request Forgery (SSRF)

Overview: @schematics/angular is a Schematics specific to Angular. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can redirec...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits: 1 | References: 2
Source: Snyk
Added 2026/02/25 10:42 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: @angular/build is an Official build system for Angular. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can redirect...

CVSS 9.3 | AI score 6 | EPSS 0.00497
Exploits: 1 | References: 2
Source: EUVD
Added 2026/02/25 10:42 p.m., 9 views

EUVD-2026-8695

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline...

CVSS 9.2 | AI score 5.4 | EPSS 0.00497
Exploits: 1 | References: 5
Source: Github Security Blog
Added 2026/02/25 7:08 p.m., 9 views

changedetection.io is Vulnerable to SSRF via Watch URLs

Summary: Changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function issafevalidurl does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user or any user when no password is...

CVSS 8.6 | AI score 5.6 | EPSS 0.00445
Exploits: 1 | References: 4 | Affected Software: 1
Source: EUVD
Added 2026/02/25 6:57 p.m., 9 views

EUVD-2026-8527

AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php...

CVSS 8.6 | AI score 5.2 | EPSS 0.00235
Exploits: 0 | References: 4
Source: Github Security Blog
Added 2026/02/25 6:57 p.m., 7 views

AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

Vulnerability Type: Authenticated Server-Side Request Forgery (SSRF). Affected Product/Versions: AVideo versions prior to 22 (tested on AVideo 21.x). Root Cause Summary: The aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper...

CVSS 8.6 | AI score 5.5 | EPSS 0.00235
Exploits: 0 | References: 5 | Affected Software: 1
Source: Snyk
Added 2026/02/25 6:57 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: wwbn/avideo is an Audio and Video Platform (or simply "A Video Platform"). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the downloadURL parameter in the aVideoEncoder.json.php process. An attacker can access internal resources and retrieve...

CVSS 8.6 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 2
Source: OSV
Added 2026/02/25 6:53 p.m., 4 views

CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 6
Source: EUVD
Added 2026/02/25 6:31 p.m., 6 views

EUVD-2026-8690

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

CVSS 3.1 | AI score 5 | EPSS 0.00212
Exploits: 0 | References: 8
Source: EUVD
Added 2026/02/25 6:30 p.m., 4 views

EUVD-2026-8710

OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field...

AI score 5.3 | EPSS 0.00285
Exploits: 1 | References: 4
Source: NVD
Added 2026/02/25 6:23 p.m., 7 views

CVE-2026-27795

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

CVSS 7.4 | EPSS 0.00206
Exploits: 0 | References: 7
Source: NVD
Added 2026/02/25 5:25 p.m., 9 views

CVE-2026-27706

Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

CVSS 7.7 | EPSS 0.00213
Exploits: 0 | References: 2
Source: NVD
Added 2026/02/25 4:23 p.m., 6 views

CVE-2026-27730

esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh's /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

CVSS 8.6 | EPSS 0.00339
Exploits: 1 | References: 1
Source: NVD
Added 2026/02/25 4:23 p.m., 5 views

CVE-2025-50180

esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

CVSS 8.7 | EPSS 0.00381
Exploits: 1 | References: 6
Source: RedhatCVE
Added 2026/02/25 4:16 p.m., 4 views

CVE-2026-27732

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 1