647 matches found

Positive Technologies, added 2026/04/02 12:00 a.m., 5 views

PT-2026-29684

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...

CVSS 5.3, AI score 5.6, EPSS 0.0013
Exploits: 0, References: 7

Github Security Blog, added 2026/04/01 11:21 p.m., 4 views

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary: passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

CVSS 7.7, AI score 5.9, EPSS 0.00337
Exploits: 1, References: 3, Affected software: 1

EUVD, added 2026/04/01 6:36 p.m., 3 views

EUVD-2026-17929

Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...

CVSS 4.3, AI score 5.9, EPSS 0.00162
Exploits: 0, References: 2

Vulnrichment, added 2026/04/01 4:27 p.m., 1 view

CVE-2026-20041 Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attack...

CVSS 6.1, AI score 6.2, EPSS 0.00242
Exploits: 0, References: 1

Vulnrichment, added 2026/03/31 6:00 a.m., 1 view

CVE-2026-3881 Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF

The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks...

AI score 5.9, EPSS 0.00259
Exploits: 0, References: 1

EUVD, added 2026/03/30 6:31 p.m., 2 views

EUVD-2026-17166

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack can be carried out remotely. The exploit has been published and may be used...

CVSS 6.5, AI score 6.3, EPSS 0.00267
Exploits: 0, References: 6

Vulnrichment, added 2026/03/30 6:00 p.m., 3 views

CVE-2026-5126 SourceCodester RSS Feed Parser file_get_contents server-side request forgery

A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack can be carried out remotely. The exploit has been published and may be used...

CVSS 6.5, AI score 5.5, EPSS 0.00267
Exploits: 0, References: 5

Positive Technologies, added 2026/03/30 12:00 a.m., 3 views

PT-2026-29095

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php...

CVSS 7.7, AI score 5.9, EPSS 0.00315
Exploits: 1, References: 3

CNNVD, added 2026/03/30 12:00 a.m., 5 views

Tautulli code issue vulnerability

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.0 contained code vulnerabilities stemming from insufficient validation and restrictions on the img parameter of the /pms_image_proxy endpoint, which coul...

CVSS 5.3, AI score 5.9, EPSS 0.00277
Exploits: 1, References: 3

CNNVD, added 2026/03/30 12:00 a.m., 5 views

CrewAI security vulnerability

CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability that stems from the RAG search tool failing to properly validate URLs, potentially leading to server-side request forgery attacks...

CVSS 9.8, AI score 6.4, EPSS 0.00467
Exploits: 0, References: 2

CERT, added 2026/03/30 12:00 a.m., 7 views

CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

Overview: Four vulnerabilities have been identified in CrewAI, including remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from improper default...

CVSS 9.8, AI score 6.7, EPSS 0.00694
Exploits: 0, References: 1

Positive Technologies, added 2026/03/28 12:00 a.m., 4 views

PT-2026-28730

Vulnerable software and affected versions: elecV2 elecV2P versions through 3.8.3. Description: A server-side request forgery condition exists due to manipulation of the req argument within the eAxios function located in the /mock file of the URL Handler component. This allows for remote...

CVSS 7.5, AI score 5.8, EPSS 0.003
Exploits: 0, References: 7

CVE, added 2026/03/27 10:12 p.m., 11 views

CVE-2026-33992

Summary of findings (CVE-2026-33992): The pyLoad project (and pyload-ng as referenced by multiple advisories) contains a server-side request forgery vulnerability in its download/addPackage path. The root cause is that the download engine accepts arbitrary URLs without proper validation, enabling...

CVSS 9.3, AI score 6, EPSS 0.00397
Exploits: 1, References: 2, Affected software: 1

CVE, added 2026/03/27 7:21 p.m., 9 views

CVE-2026-31943

LibreChat prior to 0.8.3 contains an SSRF protection bypass in isPrivateIP() (packages/api/src/auth/domain.ts) that fails to detect IPv4‑mapped IPv6 addresses in hex-normalized form. This allows any authenticated user to cause the server to issue HTTP requests to internal resources (e.g., AWS 169...

CVSS 8.5, AI score 5.9, EPSS 0.00213
Exploits: 1, References: 1, Affected software: 1

Vulnrichment, added 2026/03/27 1:53 p.m., 2 views

CVE-2026-33206 calibre has a path traversal vulnerability

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in calibre's handling of images in Markdown and other similar text-based files, allowing an attacker to include arbitrary files from the...

CVSS 8.2, AI score 5.9, EPSS 0.00208
Exploits: 1, References: 1

Cvelist, added 2026/03/27 12:3 a.m., 31 views

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

CVSS 6.5, EPSS 0.00359
Exploits: 2, References: 3
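The LibreChat entry above (CVE-2026-31943: isPrivateIP() misses IPv4-mapped IPv6 addresses written in hex form), the Lemmy entry (CVE-2026-33693: v4_is_invalid() never checks 0.0.0.0) and the PraisonAI entry (no scheme validation, private-IP filtering or allowlist before the fetch) all describe the same mistake: deciding "is this destination internal?" from the spelling of the host string instead of from the parsed address. The block below is an added example, not code from LibreChat, Lemmy, activitypub-federation-rust or praisonai. naive_is_private is a constructed stand-in for the prefix-matching pattern those advisories describe, shown only so the two bypasses are visible; is_internal_address and check_outbound_url are the canonicalise-then-classify version. All function names, the prefix list and the sample URLs are assumptions of this example.

```python
import ipaddress
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for the string-prefix pattern the advisories describe.
# This is NOT the real LibreChat or activitypub-federation-rust code.
NAIVE_BLOCKED_PREFIXES = (
    "10.", "127.", "169.254.", "172.16.", "192.168.",
    "::1", "::ffff:10.", "::ffff:127.", "::ffff:169.254.", "::ffff:192.168.",
)


def naive_is_private(host: str) -> bool:
    """Prefix match on the raw string. Misses the hex form of an IPv4-mapped
    address (::ffff:a9fe:a9fe is 169.254.169.254) and the unspecified
    address 0.0.0.0, which the kernel routes to the local host."""
    return host.lower().startswith(NAIVE_BLOCKED_PREFIXES)


def is_internal_address(host: str) -> Optional[bool]:
    """Classify an IP literal after canonicalising it.

    Returns True for a non-public destination, False for a public literal,
    and None when the value is not an IP literal at all (a hostname that must
    be resolved, with every resolved address passed back through this check
    before the socket is opened)."""
    literal = host.strip()
    if literal.startswith("[") and literal.endswith("]"):
        literal = literal[1:-1]            # URL form of an IPv6 literal
    try:
        addr = ipaddress.ip_address(literal)
    except ValueError:
        return None
    # Canonicalise first: ::ffff:a9fe:a9fe and ::ffff:169.254.169.254 both
    # unwrap to IPv4Address('169.254.169.254'), so spelling no longer matters.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (
        addr.is_private          # RFC 1918, 169.254/16, 0.0.0.0/8, fc00::/7 ...
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_unspecified   # 0.0.0.0 and ::, the gap the Lemmy entry names
        or addr.is_multicast
        or addr.is_reserved
    )


ALLOWED_SCHEMES = {"http", "https"}   # assumption: plain HTTP(S) fetches only


def check_outbound_url(url: str) -> Tuple[bool, str]:
    """Gate a caller-supplied URL before a server-side fetch: scheme allowlist
    plus the address check above. Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname            # urlsplit strips brackets and lower-cases
    if not host:
        return False, "no host in URL"
    verdict = is_internal_address(host)
    if verdict is True:
        return False, f"{host} is an internal address"
    if verdict is None:
        return True, f"{host} is a hostname: resolve it and re-check every address"
    return True, f"{host} is a public literal"


if __name__ == "__main__":
    # Constructed sample inputs: the two bypasses beside a plain private IP.
    for h in ("169.254.169.254", "::ffff:a9fe:a9fe", "0.0.0.0"):
        print(f"{h:18} naive={naive_is_private(h)!s:5} "
              f"hardened={is_internal_address(h)}")
    for u in ("http://[::ffff:a9fe:a9fe]/latest/meta-data/",
              "file:///etc/passwd", "https://example.com/feed.xml"):
        print(u, "->", check_outbound_url(u))
```

Two caveats a practitioner should keep in mind. ipaddress rejects decimal and octal spellings such as 2130706433 or 0177.0.0.1, so those fall into the "hostname" branch; the resolved-address re-check is what has to catch them, and the HTTP client must then connect to the address that was checked (pin it) rather than resolve the name a second time, or a rebinding DNS answer defeats the whole gate.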
Positive Technologies, added 2026/03/27 12:00 a.m., 2 views

PT-2026-28325

Vulnerable software and affected versions: Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3. Description: Spring AI's spring-ai-bedrock-converse component has a Server-Side Request Forgery (SSRF) issue within the BedrockProxyChatModel. This occurs when handling...

CVSS 8.6, AI score 5.9, EPSS 0.00353
Exploits: 0, References: 11

CNNVD, added 2026/03/27 12:00 a.m., 6 views

MingSoft MCMS security vulnerability

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities caused by improper handling of the parameter "catchimage" in the file...

CVSS 7.5, AI score 7.1, EPSS 0.00278
Exploits: 0, References: 4

NVD, added 2026/03/26 9:17 p.m., 2 views

CVE-2026-3530

Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client. This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

CVSS 4.3, EPSS 0.00162
Exploits: 0, References: 1

CVE, added 2026/03/25 8:13 p.m., 7 views

CVE-2025-14912

IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6) is affected by CVE-2025-14912, a server-side request forgery (SSRF) vulnerability. An authenticated attacker could cause the server to send unauthorized outbound requests, enabling network enumeration or related attacks. Remediation i...

CVSS 5.4, AI score 5.8, EPSS 0.0022
Exploits: 0, References: 1, Affected software: 1