CVE-2026-53754

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

CVE-2026-54018

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the SafePlaywrightURLLoader implements a validateurl function to prevent SSRF attacks by checking the IP address of the user-provided URL. However, this validation is performed only ...

EUVD-2026-38567

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

CVE-2026-54018

Open WebUI (self-hosted offline AI) contains SSRF protection bypass in the Playwright Web Loader prior to version 0.9.6. The validator checks only the initial URL; Playwright follows redirects (301/302) by default, allowing an attacker-supplied URL that redirects to internal addresses (e.g., loca...

Spring Cloud Netflix - Server-Side Request Forgery

Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacke...

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal

WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php. id: CVE-2019-6715 info: name: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal autho...

GitLab Enterprise Edition - Server-Side Request Forgery

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery

DotNetNuke aka DNN before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. id: CVE-2017-0929 info: name: DotNetNuke DNN ImageHandler 9.2.0 - Server-Side Request Forgery author...

Arcane <= 1.17.2 - Server-Side Request Forgery

Arcane = 1.17.3 contains an unauthenticated server-side request forgery caused by lack of URL scheme and host validation in /api/templates/fetch endpoint, letting remote attackers perform SSRF, exploit requires no authentication. id: CVE-2026-40242 info: name: Arcane = 1.17.2 - Server-Side Reques...

Next.js - Server Side Request Forgery (SSRF)

Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. id: CVE-2024-34351 info: name: Next.js - Server Side Request Forgery SSRF author: righettod severity: high description: | Next.Js, inferior to version 14.1.1, have its image optimization built-in...

Sophos Mobile managed on-premises - XML External Entity Injection

An XML External Entity XXE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. id: CVE-2022-3980 info: name: Sophos Mobile managed on-premises - XML External Entity Injection author: dabla...

HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...

Drawio <18.1.2 - Server-Side Request Forgery

Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-1815 info: nam...

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

Formcraft3 <3.8.28 - Server-Side Request Forgery

Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...