
55969 matches found

CVE
added 2026/02/17 11:1 p.m., 12 views

CVE-2026-22048

StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.9.0.12 and 12.0.0.4 when Single Sign-On is enabled and configured to use Microsoft Entra ID as the IdP. An authenticated attacker with low privileges could exploit a Server-Side Request Forgery (SSRF) vulnerability to...

7.1 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits: 0, References: 1

Snyk
added 2026/02/17 9:42 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the SSRF guard. An attacker can access internal network resources by submitting specially crafted IPv4-mapped IPv6 addresses that bypass IP...

8.8 CVSS, 5.7 AI score, 0.00391 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/17 9:42 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the gatewayUrl tool in the Gateway WebSocket client. An attacker can cause the host to initiate outbound WebSocket connections to arbitrary...

7.6 CVSS, 5.8 AI score, 0.00336 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/17 8:22 p.m., 7 views

CVE-2025-36243

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 1

OSV
added 2026/02/17 8:22 p.m., 5 views

CVE-2025-36243

IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3 CVSS, 5.5 AI score
Exploits: 0, References: 1

CVE
added 2026/02/17 7:41 p.m., 11 views

CVE-2026-26357

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability. A low-privilege, remote attacker could exploit this to execute malicious HTML/JavaScript in a victim's browser within the context of the vulnerable web ap...

5.4 CVSS, 5.9 AI score, 0.00159 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2026/02/17 5:13 p.m., 9 views

OpenClaw affected by SSRF in Image Tool Remote Fetch

Summary: A server-side request forgery (SSRF) vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1. Patched Versions - npm: openclaw 2026.2.2 and later. Fix Commits -...

5.8 AI score
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/02/17 5:13 p.m., 3 views

GHSA-56F2-HVWG-5743 OpenClaw affected by SSRF in Image Tool Remote Fetch

Summary: A server-side request forgery (SSRF) vulnerability in the Image tool allowed attackers to force OpenClaw to make HTTP requests to arbitrary internal or restricted network targets. Affected Versions - npm: openclaw = 2026.2.1. Patched Versions - npm: openclaw 2026.2.2 and later. Fix Commits -...

7.6 CVSS, 5.8 AI score
Exploits: 0, References: 5

GithubExploit
added 2026/02/17 3:6 p.m., 149 views

securiclaw

🦞 Securiclaw AI-Powered Code Security Scanner Securiclaw...

6.5 AI score
Exploits: 0

Cvelist
added 2026/02/17 1:47 p.m., 26 views

CVE-2026-23861

Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...

5.4 CVSS, 0.00159 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/17 1:27 p.m., 4 views

CVE-2026-2556

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...

6.5 CVSS, 5.2 AI score, 0.00313 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/02/17 12:0 a.m., 5 views

PT-2026-20313

Name of the Vulnerable Software and Affected Versions: Dell Unisphere for PowerMax vApp versions 9.2.4.x. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. A low privileged attacker with remote access could...

5.4 CVSS, 5.7 AI score, 0.00159 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/02/17 12:0 a.m., 6 views

PT-2026-23542

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2. Description: The software contains a server-side request forgery issue in attachment and media URL handling. This allows remote attackers to retrieve data from arbitrary HTTPS URLs. An attacker who can contro...

6.9 CVSS, 5.9 AI score, 0.00397 EPSS
Exploits: 1, References: 9

Patchstack
added 2026/02/16 6:58 p.m., 5 views

WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability

Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by Nex Team in WordPress Plugin Auto Featured Image (Auto Post Thumbnail) versions <= 4.1.7...

6.4 CVSS, 5.5 AI score, 0.0026 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/02/16 3:32 p.m., 8 views

EUVD-2026-6089

A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be...

6.5 CVSS, 5.2 AI score, 0.00313 EPSS
Exploits: 1, References: 5

Patchstack
added 2026/02/16 10:6 a.m., 7 views

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability

WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Converter for Media versions <= 6.5.1...

4.8 CVSS, 5.4 AI score, 0.00229 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/02/16 6:31 a.m., 2 views

GHSA-6XW9-2P64-7622 MindsDB affected by a SSRF vulnerability

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

6.3 CVSS, 5.1 AI score, 0.00226 EPSS
Exploits: 1, References: 9

Snyk
added 2026/02/16 3:58 a.m., 4 views

Server-side Request Forgery (SSRF)

Overview: MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the spliturl function in the mindsdb/utilities/security.py component. An attacker can bypass blocklist-based...

7.3 CVSS, 6.3 AI score, 0.00226 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/02/16 2:32 a.m., 4 views

CVE-2026-2531 MindsDB File Upload security.py clear_filename server-side request forgery

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...

6.5 CVSS, 4.9 AI score, 0.00226 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2026/02/16 12:0 a.m., 7 views

PT-2026-8308

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...

6.5 CVSS, 6.1 AI score, 0.00246 EPSS
Exploits: 0, References: 8