Server-side Request Forgery (SSRF)
Overview: google-search-mcp is a Google Search MCP Server for Claude. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the extractContent function. An attacker can access internal resources or perform unauthorized requests by supplying crafted URLs to the...
GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
PT-2026-30015
Name of the Vulnerable Software and Affected Versions: Ech0 versions prior to 4.2.8. Description: The GET /api/website/title endpoint is susceptible to Server-Side Request Forgery (SSRF). The endpoint accepts an arbitrary URL via the website url query parameter and makes a server-side HTTP request to ...
PT-2026-30271
Name of the Vulnerable Software and Affected Versions: curl cffi, affected versions not specified. Description: curl cffi does not restrict requests to internal IP ranges and automatically follows redirects via libcurl. This allows an attacker-controlled URL to redirect requests to internal services,...
Linux Distros Unpatched Vulnerability : CVE-2026-33990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF...
CVE-2026-34746
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
Summary: IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details: CVEID: CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remot...
CVE-2026-34590 Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation
Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...
CVE-2026-34526 SillyTavern: Incomplete IP validation in /api/search/visit allows SSRF via localhost and IPv6
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...
CVE-2026-32871
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...
a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
Docker Desktop < 4.67.0 SSRF (CVE-2026-33990)
The version of Docker Desktop installed on the remote host is prior to 4.67.0. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability: - Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows t...
CVE-2026-34740
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's...
GHSA-6R7F-Q7F5-WPX8 Payload has Authenticated SSRF via Upload Functionality
Impact: An authenticated Server-Side Request Forgery (SSRF) vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...
CVE-2026-34746 Payload has Authenticated SSRF via Upload Functionality
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the serve...
CVE-2026-33990
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...
CVE-2026-20041
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...
UBUNTU-CVE-2026-33990
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...