
55972 matches found

The Hacker News
added 2026/01/21 9:10 a.m., 9 views

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may in turn allow lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively...

CVSS 8.3 | AI score 6.3 | EPSS 0.08843
Exploits: 2
Snyk
added 2026/01/21 1:02 a.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVSS 8.8 | AI score 5.8 | EPSS 0.00522
Exploits: 1 | References: 2
OSV
added 2026/01/21 1:02 a.m., 8 views

GHSA-CV54-7WV7-QXCW SiYuan vulnerable to Arbitrary file Read / SSRF

Summary: The Markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD) and full SSRF access. We at @0xL4ugh (@abdoghazy2015, @xtromera, @A-z4ki, @ZeyadZonkorany and @KarimTantawey) were playing Null CTF 2025 when this helped us solve a challenge in an unintended way...

CVSS 8.8 | AI score 5.5 | EPSS 0.00522
Exploits: 1 | References: 8
Github Security Blog
added 2026/01/21 1:01 a.m., 8 views

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API

Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (/api/v1/message/ID/html-check) is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files referenced by external tags in order to inline them for testing...

CVSS 7.5 | AI score 5.6 | EPSS 0.00396
Exploits: 1 | References: 5 | Affected software: 1
Packet Storm
added 2026/01/21 12:00 a.m., 187 views

Backdrop CMS 1.29.2 CSRF / XSS / Privilege Escalation

Proof-of-concept exploit that demonstrates how Backdrop CMS version 1.29.2 suffers from cross-site request forgery, persistent cross-site scripting, and privilege escalation vulnerabilities...

CVSS 4.4 | AI score 5.1 | EPSS 0.0164
Exploits: 3
Tenable Nessus
added 2026/01/21 12:00 a.m., 3 views

Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51981)

An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

CVSS 5.3 | AI score 8.4 | EPSS 0.00822
Exploits: 0 | References: 4
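The Konica bizhub entry above describes a blind SSRF that is reached through CRLF injection and then leveraged for HTTP request smuggling. The following is an added example with constructed data; it is not the printer's firmware or the Nessus plugin, and it models only the mechanism: a service accepts a callback address (the hypothetical notify_url below), later builds an HTTP request to it by string interpolation, and CR/LF carried through the percent-decoded path end the intended request and append a second, attacker-shaped one on the same connection. A blind SSRF on its own only yields a fixed GET; the injected line breaks are what turn it into an arbitrary request.

```python
"""CRLF injection from an attacker-supplied callback address into an outbound request.

Added example with constructed data; not Konica/bizhub code. A service stores a
callback URL (hypothetical notify_url) and later builds an HTTP request to it by
string interpolation, so CR/LF smuggled through the decoded path end the
intended request and append a second one on the same keep-alive connection.
"""
import re
from urllib.parse import quote, unquote, urlsplit

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")


def build_notify_request_naive(notify_url):
    """VULNERABLE: percent-decodes the path and interpolates it unchecked."""
    parts = urlsplit(notify_url)
    path = unquote(parts.path or "/")
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {parts.netloc}\r\n"
            f"Connection: keep-alive\r\n\r\n").encode("utf-8")


def build_notify_request_safe(notify_url):
    """HARDENED: refuse control characters, then re-encode the path for the wire."""
    parts = urlsplit(notify_url)
    path = unquote(parts.path or "/")
    for field in (parts.netloc, path):
        if CONTROL_CHARS.search(field):
            raise ValueError("control character in outbound request field")
    return (f"GET {quote(path, safe='/')} HTTP/1.1\r\n"
            f"Host: {parts.netloc}\r\n"
            f"Connection: keep-alive\r\n\r\n").encode("utf-8")


def split_requests(raw):
    """Return the valid request lines a keep-alive peer would parse from this stream.

    Simplified: header blocks are split on blank lines and bodies are not modelled.
    """
    found = []
    for block in raw.decode("utf-8").split("\r\n\r\n"):
        first = block.split("\r\n", 1)[0]
        if REQUEST_LINE.match(first):
            found.append(first)
    return found


# Constructed sample data. The device would connect to the internal host 10.0.0.20
# anyway (that is the blind SSRF); the "path" closes the fixed GET early and smuggles
# a POST with attacker-chosen headers. The trailing "X: " swallows the remainder of
# the original request line as a junk header.
SMUGGLED_PATH = ("/cb HTTP/1.1\r\nHost: 10.0.0.20\r\n\r\n"
                 "POST /internal/admin HTTP/1.1\r\nHost: 10.0.0.20\r\n"
                 "Content-Length: 0\r\n\r\nX: ")
MALICIOUS_URL = "http://10.0.0.20" + quote(SMUGGLED_PATH)   # CR/LF arrive as %0D%0A
BENIGN_URL = "http://client.example.test:8080/notify"


def naive_request_lines(url):
    """Request lines the peer sees when the vulnerable builder handles this URL."""
    return split_requests(build_notify_request_naive(url))


def safe_builds(url):
    """True if the hardened builder accepts the URL, False if it rejects it."""
    try:
        build_notify_request_safe(url)
        return True
    except ValueError:
        return False
```

Rejecting control characters closes the smuggling, not the blind SSRF itself: the hardened builder still sends a GET to 10.0.0.20, so it has to be paired with a destination allow-list on the callback address.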
RedhatCVE
added 2026/01/20 6:18 p.m., 4 views

CVE-2026-1169

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of...

CVSS 8.8 | AI score 4.7 | EPSS 0.00197
Exploits: 1 | References: 1
Patchstack
added 2026/01/20 11:44 a.m., 4 views

WordPress Frontis Blocks plugin <= 1.1.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by 0xd4rk5id3 in the WordPress plugin Frontis Blocks, versions <= 1.1.5...

CVSS 7.2 | AI score 5.4 | EPSS 0.00248
Exploits: 0 | Affected software: 1
NVD
added 2026/01/20 2:15 a.m., 8 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action function. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00104
Exploits: 0 | References: 2
NVD
added 2026/01/20 12:15 a.m., 8 views

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVSS 8.3 | EPSS 0.04439
Exploits: 1 | References: 3
OSV
added 2026/01/20 12:15 a.m., 7 views

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVSS 7.7 | AI score 5.8
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 7 : xstream-1.3.1-16.el7 (AXSA:2021-2499:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2499:04 advisory. xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139). xstream: Arbitrary code execution via...

CVSS 8.8 | AI score 8.1 | EPSS 0.9851
Exploits: 16 | References: 15
Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 8 : varnish:6 (AXSA:2022-4527:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4527:01 advisory. varnish: Request Forgery Vulnerability (CVE-2022-45060). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 7.5 | AI score 5.6 | EPSS 0.00928
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:00 a.m., 6 views

MiracleLinux 9 : varnish-6.6.2-2.el9.1 (AXSA:2023-4930:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4930:01 advisory. varnish: Request Forgery Vulnerability (CVE-2022-45060). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVSS 7.5 | AI score 7.5 | EPSS 0.00928
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/19 11:15 p.m., 5 views

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVSS 8.3 | AI score 5.7 | EPSS 0.04439
Exploits: 1 | References: 4
Snyk
added 2026/01/19 7:47 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the inlineRemoteCSS function during the HTML email analysis process. An attacker can cause the server to make arbitrary HTTP requests to external resources by supplying crafted HTML emails containing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00396
Exploits: 1 | References: 2
CVE
added 2026/01/19 7:01 p.m., 23 views

CVE-2026-23845

Mailpit (github.com/axllent/mailpit) is affected by SSRF via the HTML Check API. The HTMLCheck flow processes HTML emails by inlining external CSS files through inlineRemoteCSS(), which fetches URLs found in tags. Root cause: insufficient URL validation and unrestricted external fetching in isUR...

CVSS 7.5 | AI score 5.5 | EPSS 0.00396
Exploits: 1 | References: 3 | Affected software: 1
Snyk
added 2026/01/19 3:48 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: WeasyPrint is "The Awesome Document Factory". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the default_url_fetcher function. An attacker can access internal network resources by exploiting automatic HTTP redirects that are not re-validated against...

CVSS 7.5 | AI score 5.6 | EPSS 0.00447
Exploits: 2 | References: 2
ATTACKERKB
added 2026/01/19 3:20 p.m., 5 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.4 | EPSS 0.00447
Exploits: 2 | References: 3 | Affected software: 1
OSV
added 2026/01/19 3:20 p.m., 3 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.6 | EPSS 0.00447
Exploits: 2 | References: 4
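The WeasyPrint entries above, and the Mailpit and Chainlit entries earlier on this page, describe one failure mode: a server-side fetcher checks the URL it is handed, then follows HTTP redirects to a destination that was never checked, typically a loopback service or the cloud metadata endpoint on the link-local address 169.254.169.254. The following is an added example and not code from WeasyPrint, Mailpit or Chainlit. It puts a naive fetcher that validates once beside a hardened one that disables automatic redirects and re-validates every hop. The resolver, the HTTP transport, the hostnames and the responses are constructed stubs so that it runs offline; the function and class names are assumptions of this example.

```python
"""Redirect-aware SSRF guard for a server-side URL fetcher.

Added example, not WeasyPrint, Mailpit or Chainlit code. The resolver and
HTTP transport are offline stubs with constructed data; in production the two
fetchers would sit on a real DNS lookup and an HTTP client with automatic
redirects turned off.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 5
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class SSRFBlocked(Exception):
    """A URL, or one of its redirect hops, points at a disallowed target."""


def make_resolver(table):
    """getaddrinfo-style stub built from {hostname: [ip, ...]} (constructed data)."""
    def resolve(host, port=None):
        if host not in table:
            raise socket.gaierror(f"unknown host {host}")
        return [(None, None, None, None, (ip, port)) for ip in table[host]]
    return resolve


def host_is_internal(host, resolver=socket.getaddrinfo):
    """True for a literal non-public IP, or a name with ANY non-public address.

    is_global is False for loopback, RFC 1918, link-local (169.254/16, where
    cloud metadata services live), shared, reserved and unspecified ranges.
    """
    try:
        addrs = {str(ipaddress.ip_address(host))}      # literal IP: skip DNS
    except ValueError:
        try:
            addrs = {ai[4][0] for ai in resolver(host, None)}
        except socket.gaierror:
            return True                                 # fail closed
    return any(not ipaddress.ip_address(a).is_global for a in addrs)


def check_url(url, resolver):
    """Reject non-http(s) schemes, empty hosts and internal destinations."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise SSRFBlocked("missing host")
    if host_is_internal(parts.hostname, resolver):
        raise SSRFBlocked(f"internal destination: {parts.hostname}")


class FakeTransport:
    """Offline HTTP client with redirects disabled: get() performs exactly one hop."""
    def __init__(self, responses):
        self.responses = responses

    def get(self, url):
        return self.responses.get(url, (404, {}, b""))


def fetch_naive(url, transport, resolver):
    """VULNERABLE: validates the initial URL only, then follows redirects blindly."""
    check_url(url, resolver)
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = transport.get(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])    # never re-checked
            continue
        return url, body
    raise SSRFBlocked("too many redirects")


def fetch_checked(url, transport, resolver):
    """HARDENED: every hop, the first included, goes through check_url()."""
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url, resolver)
        status, headers, body = transport.get(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return url, body
    raise SSRFBlocked("too many redirects")


# Constructed sample data: a public-looking CDN whose stylesheet URL redirects
# into the link-local metadata address. 93.184.216.34 is a placeholder public IP.
RESOLVER = make_resolver({"cdn.example.test": ["93.184.216.34"]})
TRANSPORT = FakeTransport({
    "https://cdn.example.test/theme.css":
        (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/":
        (200, {}, b"ami-id\ninstance-id\n"),
    "https://cdn.example.test/real.css":
        (200, {}, b"body{margin:0}"),
})


def is_blocked(fetcher, url, transport=TRANSPORT, resolver=RESOLVER):
    """True if the fetcher refuses the URL with SSRFBlocked."""
    try:
        fetcher(url, transport, resolver)
        return False
    except SSRFBlocked:
        return True
```

Two caveats for real use: the check resolves the name at validation time, so a fetcher that later lets its HTTP library resolve again is open to DNS rebinding and should connect to the vetted address (or re-check at connect time); and the per-hop check must also run when a redirect changes scheme or port, which check_url does because it inspects the full Location URL.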