Lucene search
55967 matches found

Positive Technologies | added 2026/02/25 12:00 a.m. | 7 views

PT-2026-22062

Name of the Vulnerable Software and Affected Versions: Astro versions 9.0.0 through 9.5.3. Description: Astro’s image pipeline contains a flaw that allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. The inferSize...

CVSS 6.5 | AI score 5.6 | EPSS 0.00281
Exploits 1 | References 5
Positive Technologies | added 2026/02/25 12:00 a.m. | 11 views

PT-2026-21942

Name of the Vulnerable Software and Affected Versions: Plane versions prior to 1.2.2. Description: A Server-Side Request Forgery (SSRF) flaw exists in the "Add Link" feature of Plane, allowing an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network...

CVSS 7.7 | AI score 6 | EPSS 0.00213
Exploits 0 | References 8
Drupal | added 2026/02/25 12:00 a.m. | 12 views

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

This module allows site builders to create so-called "themerule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses a simple GET request to disable or enable theme rules, which allows attackers to disable or enab...

CVSS 4.3 | AI score 5.4 | EPSS 0.00098
Exploits 0 | References 1
Positive Technologies | added 2026/02/25 12:00 a.m. | 4 views

PT-2026-21944

Name of the Vulnerable Software and Affected Versions: feiyuchuixue sz-boot-parent versions through 1.3.2-beta. Description: A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the /api/admin/common/files/download file. Manipulation of th...

CVSS 3.1 | AI score 5.9 | EPSS 0.00212
Exploits 0 | References 10
FreeBSD | added 2026/02/25 12:00 a.m. | 9 views

mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API

Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status...

CVSS 8.6 | AI score 5.6 | EPSS 0.00468
Exploits 1 | References 1
Positive Technologies | added 2026/02/25 12:00 a.m. | 6 views

PT-2026-21979

Name of the Vulnerable Software and Affected Versions: Kruise versions prior to 1.8.3; Kruise versions prior to 1.7.5. Description: Kruise allows automated management of applications on Kubernetes. A flaw exists in the PodProbeMarker functionality where the webhook validation does not restrict the...

CVSS 9.9 | AI score 5.5 | EPSS 0.22162
Exploits 68 | References 138
Snyk | added 2026/02/24 8:37 p.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...

CVSS 8.2 | AI score 5.9 | EPSS 0.00166
Exploits 1 | References 2
Snyk | added 2026/02/24 8:10 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: payload is a Node, React and MongoDB Headless CMS and Application Framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the external file upload endpoint due to insufficient validation of HTTP redirects. An attacker can access internal network...

CVSS 7.4 | AI score 6 | EPSS 0.00288
Exploits 0 | References 2
OSV | added 2026/02/24 8:10 p.m. | 5 views

GHSA-HHFX-5X8J-F5F6 Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads

Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. Users are affected ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00288
Exploits 0 | References 5
CVE | added 2026/02/24 7:00 p.m. | 17 views

CVE-2026-27477

Mastodon CVE-2026-27477 describes an SSRF risk in the FASP feature: unauthenticated registration of a FASP with a base_url that can resolve to an internal address, when the server has EXPERIMENTAL_FEATURES including fasp enabled. Affected: Mastodon versions 4.4.0–4.4.13 and 4.5.0–4.5.6. Impact: s...

CVSS 8.2 | AI score 5.7 | EPSS 0.0027
Exploits 0 | References 2 | Affected Software 1
Cvelist | added 2026/02/24 2:56 p.m. | 20 views

CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 | EPSS 0.00235
Exploits 0 | References 3
Vulnrichment | added 2026/02/24 2:22 p.m. | 3 views

CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVSS 6.5 | AI score 5.9 | EPSS 0.00288
Exploits 0 | References 3
Cvelist | added 2026/02/24 2:22 p.m. | 25 views

CVE-2026-27567 Payload has Server-Side Request Forgery (SSRF) in External File URL Uploads

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

CVSS 6.5 | EPSS 0.00288
Exploits 0 | References 3
NVD | added 2026/02/24 3:16 a.m. | 9 views

CVE-2026-27129

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

CVSS 7.1 | EPSS 0.00421
Exploits 1 | References 3
ATTACKERKB | added 2026/02/24 2:45 a.m. | 5 views

CVE-2026-27129

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

CVSS 7.1 | AI score 5.3 | EPSS 0.00427
Exploits 2 | References 4 | Affected Software 1
CVE | added 2026/02/24 2:45 a.m. | 27 views

CVE-2026-27129

CVE-2026-27129 affects Craft CMS, where the SSRF protection in the GraphQL Asset mutation (versions 4.5.0-RC1–4.16.18 and 5.0.0-RC1–5.8.22) is bypassed due to using gethostbyname(), which only resolves IPv4. If a host has only IPv6 (AAAA) records, the function returns the hostname, causing blockl...

CVSS 7.1 | AI score 5.2 | EPSS 0.00421
Exploits 1 | References 3 | Affected Software 1
NVD | added 2026/02/24 1:16 a.m. | 4 views

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

CVSS 8.6 | EPSS 0.01414
Exploits 1 | References 3
EUVD | added 2026/02/24 12:37 a.m. | 7 views

EUVD-2026-7455

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

CVSS 6.9 | AI score 5.5 | EPSS 0.01414
Exploits 1 | References 3
Packet Storm | added 2026/02/24 12:00 a.m. | 97 views

SPIP Blind Server-Side Request Forgery

SPIP versions prior to 4.4.9 suffer from a blind server-side request forgery vulnerability within the private administration interface. Title : SPIP 4.4...

AI score 5.7
Exploits 0
CNNVD | added 2026/02/24 12:00 a.m. | 9 views

Astro Code Issue Vulnerability

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 9.5.4 had code vulnerabilities. These vulnerabilities stemmed from the error handling of server-side rendered pages, which was exposed to server-side request forgery, potentially allowing attackers t...

CVSS 8.6 | AI score 5.9 | EPSS 0.01414
Exploits 1 | References 3