647 matches found

Cvelist | added 2026/03/25 4:14 p.m. | 25 views

CVE-2026-24964 WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.1.2.1...

CVSS 6.4 | EPSS 0.00163
Exploits 0 | References 1
SUSE CVE | added 2026/03/25 12:28 a.m. | 4 views

SUSE CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

CVSS 7.6 | AI score 6 | EPSS 0.00285
Exploits 1 | References 3
CVE | added 2026/03/24 6:52 p.m. | 7 views

CVE-2026-33314

CVE-2026-33314 affects pyLoad/pyload-ng where a Host Header Spoofing flaw in the @local_check decorator lets unauthenticated external actors bypass local-only checks and access the Click'N'Load API endpoints. This enables remote queuing of downloads, causing SSRF and potential DoS. The issue is m...

CVSS 6.5 | AI score 5.9 | EPSS 0.00183
Exploits 1 | References 1 | Affected Software 1
OSV | added 2026/03/24 5:40 p.m. | 5 views

CVE-2026-33407 Wallos: SSRF via HTTP Proxy Environment Variable

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

CVSS 8.3 | AI score 5.9 | EPSS 0.00369
Exploits 1 | References 4
Cvelist | added 2026/03/24 3:33 p.m. | 21 views

CVE-2026-33675 Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trell...

CVSS 6.4 | EPSS 0.00272
Exploits 1 | References 3
CNNVD | added 2026/03/24 12:00 a.m. | 4 views

Wallos security vulnerability

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the endpoints/logos/search.php file accepting unvalidated HTTP_PROXY and HTTPS_PROXY environment variables,...

CVSS 9.1 | AI score 5.8 | EPSS 0.00369
Exploits 1 | References 2
Patchstack | added 2026/03/23 7:05 p.m. | 5 views

WordPress MimeTypes Link Icons plugin <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability

Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability discovered by Kai Aizen in WordPress Plugin MimeTypes Link Icons versions <= 3.2.20...

CVSS 8.3 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 1 | Affected Software 1
Vulnrichment | added 2026/03/20 5:38 a.m. | 1 view

CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

CVSS 8.6 | AI score 5.8 | EPSS 0.00453
Exploits 1 | References 2
Cvelist | added 2026/03/20 12:39 a.m. | 21 views

CVE-2026-32828 Kargo: SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most...

CVSS 5.1 | EPSS 0.00328
Exploits 0 | References 2
CNNVD | added 2026/03/20 12:00 a.m. | 3 views

Admidio security vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities. These vulnerabilities st...

CVSS 6.8 | AI score 5.8 | EPSS 0.00428
Exploits 1 | References 3
OSV | added 2026/03/19 10:39 p.m. | 2 views

CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1 an...

CVSS 7.1 | AI score 5.9 | EPSS 0.00296
Exploits 0 | References 4
ATTACKERKB | added 2026/03/19 10:07 p.m. | 1 view

CVE-2026-32037

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

CVSS 6 | AI score 5.8 | EPSS 0.00172
Exploits 0 | References 5
EUVD | added 2026/03/19 8:20 p.m. | 5 views

EUVD-2026-13164

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.2 | AI score 5.8 | EPSS 0.0028
Exploits 1 | References 2
EUVD | added 2026/03/19 3:31 p.m. | 3 views

EUVD-2025-208873

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...

CVSS 5.3 | AI score 5.9 | EPSS 0.1743
Exploits 1 | References 4
Cvelist | added 2026/03/19 11:25 a.m. | 20 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | EPSS 0.00323
Exploits 0 | References 2
Vulnrichment | added 2026/03/19 11:25 a.m. | 2 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 2
CVE | added 2026/03/19 11:25 a.m. | 9 views

CVE-2026-3511

The CVE-2026-3511 entry concerns Slovensko.Digital Autogram, specifically the XMLUtils.java vulnerability where improper restriction of XML External Entity (XXE) references can be exploited to perform SSRF from the vulnerable local HTTP server. Exploitation requires a victim to visit a crafted we...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 2
OSV | added 2026/03/19 3:30 a.m. | 4 views

GHSA-44C9-4RG5-QJGQ Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in web_search citation redirec...

CVSS 7.4 | AI score 5.8 | EPSS 0.00184
Exploits 0 | References 3
Positive Technologies | added 2026/03/19 12:00 a.m. | 4 views

PT-2026-26316

Summary: The Scheduler plugin's run function in plugin/Scheduler/Scheduler.php calls url_get_contents with an admin-configurable callbackURL that is validated only by an isValidURL URL-format check. Unlike other AVideo endpoints that were recently patched for SSRF (GHSA-9x67-f2v7-63rw),...

CVSS 5.5 | AI score 6.2 | EPSS 0.00338
Exploits 1 | References 8
Vulnrichment | added 2026/03/18 4:02 a.m. | 1 view

CVE-2026-4366 Keycloak-services: blind server-side request forgery (SSRF) via HTTP redirect handling in Keycloak

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

CVSS 5.8 | AI score 5.8 | EPSS 0.00228
Exploits 0 | References 4