PT-2026-20682

Server-Side Request Forgery SSRF vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through = 2.0.0...

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

PT-2026-20946

Server-Side Request Forgery SSRF vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions = 1.0.2...

WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability

Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions = 1.02...

CVE-2026-1999

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...

CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery CSRF vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts privileged users ...

OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension

Summary The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections: - sendMediaFeishumediaUrl - Feishu DocX markdown image URLs write/append - image processing Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or vi...

Server-side Request Forgery (SSRF)

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via requests.post in LocalPythonExecutor, which doesn't filter outgoing...

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-2112

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

CVE-2026-1857 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhooks process. An attacker can access internal network resources and extract sensitive information by submitting crafted webhook URLs that resolve to internal IP addresses, causing the server ...

GHSA-PG2V-8XWH-QHCC OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication

Summary The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery SSRF in affected deployments. Impact This only affects deployments that have installed and configured t...

GHSA-3FQR-4CG8-H96Q OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. Impact A malicious website can trigger unauthorized...

WordPress plugin WP Plugin Info Card 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

NetApp StorageGRID 安全漏洞

NetApp StorageGRID is a object storage solution developed by the American network device company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.12 and 12.0.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability when...

PT-2026-23529

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Feishu extension in OpenClaw is susceptible to server-side request forgery SSRF. This allows attackers to retrieve content from attacker-controlled remote URLs without proper SSRF protection...

WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...