Rebuild <= 3.5.5 - Server-Side Request Forgery
Rebuild 3.5.5 contains a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component. id: CVE-2024-1021 info: name: Rebuild <= 3.5.5 - Server-Side Request Forgery author: BMCel severit...
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
SAP Solution Manager 7.2 - Remote Command Execution
SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via...
Oracle Business Intelligence/XML Publisher - XML External Entity Injection
Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. id: CVE-2019-2616 info: name: Oracle Business Intelligence/XML Publisher - XML External Entity Injection author: pdteam severity: high description: Oracle...
WordPress Social Warfare <3.5.3 - Cross-Site Scripting
WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro. id: CVE-2019-9978 info: name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting...
ChatGPT-Next-Web - SSRF/XSS
Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web id: CVE-2023-49785 info: name: ChatGPT-Next-Web - SSRF/XSS author: high severity: critical description: | Full-Read SSRF/XSS in NextChat, aka ChatGPT-Next-Web impact: | Unauthenticated attackers can exploit SSRF vulnerabilities through the...
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)
Summary: Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser an...
CVE-2026-28385 SSRF via image import from URL allows internal network probing by authenticated users
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...
CVE-2026-56663
AutoGPT (SendWebRequestBlock) prior to version 0.6.52 is vulnerable to a SSRF-to-RCE chain due to improper normalization of IPv4-mapped IPv6 addresses in _is_ip_blocked(), which fails to block IPv4-mapped addresses and special-use ranges (e.g., 100.64.0.0/10). An authenticated user can bypass pri...
CVE-2026-12975
CVE-2026-12975 affects Apicurio Registry. The flaw is in ContentTypeUtil.isParsableXml(), which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs wit...
CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...
CVE-2026-54033
LibreChat exposes an SSRF risk in its baseURL handling: prior to version 0.8.4-rc1, an authenticated user could set a custom OpenAI-compatible API endpoint baseURL and have requests constructed without SSRF validation (no private IP check, no scheme restriction, no DNS pinning). This allowed dire...
CVE-2026-57234
Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...
Adminer <4.7.9 - Server-Side Request Forgery
Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized...
PT-2026-52216
⚠️⚠️ CVE-2026-20896 CVSS 9.8: Gitea Docker images default REVERSE_PROXY_TRUSTED_PROXIES= — with reverse-proxy auth on, any IP can impersonate any user via X-WEBAUTH-USER. 🔗FOFA Link: https://t.co/w2rhVF9HFa 🎯244.5K+ Results are found on https://t.co/HSOBZfCA2r in the past year. FOFA Query:...
PT-2026-52217
Discover critical Gitea security flaws exposing servers to account takeovers and SSRF attacks. Read about CVE-2026-20896 and CVE-2026-22874 patches today. Gitea Cybersecurity CVE202620896 CVE202622874 Vulnerability https://t.co/nCAKq1ZLGW https://t.co/FB9mdQykMY...
CVE-2026-55454
Appsmith (prior to 2.1) exposes the bundled Caddy admin API without authentication inside the container, bound to 0.0.0.0:2019. Although not exposed to the host via docker-compose, it is reachable from the Appsmith server process and can be targeted via SSRF to issue admin-API calls (e.g., POST /...
CVE-2026-47267 Gogs: SSRF in webhook deliveries
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webhooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects, allowing access to hostnames inside localCIDRs. This vulnerability ...
CVE-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? returns false for IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) corresponding to some private IPv4 addresses,...