
648 matches found

Positive Technologies
added 2026/02/04 12:0 a.m. | 6 views

PT-2026-5938

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.34. Description: AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents to automate complex workflows. A Server-Side Request Forgery (SSRF) issue exists in the...

CVSS 9.3 | AI score 5.5 | EPSS 0.00338
Exploits: 1 | References: 8
CNNVD
added 2026/02/04 12:0 a.m. | 11 views

AutoGPT code issue vulnerability

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library urllib.request.urlopen...

CVSS 9.8 | AI score 5.9 | EPSS 0.00357
Exploits: 1 | References: 1
VulnCheck KEV
added 2026/02/04 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

CVSS 7.2 | AI score 5.8 | EPSS 0.231
In wild | Exploits: 1 | References: 12
CNNVD
added 2026/02/04 12:0 a.m. | 7 views

AutoGPT code issue vulnerability

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library...

CVSS 9.8 | AI score 5.9 | EPSS 0.00338
Exploits: 1 | References: 1
CISA KEV Catalog
added 2026/02/03 12:0 a.m. | 14 views

GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API...

CVSS 7.5 | AI score 5.4 | EPSS 0.30496
In wild | Exploits: 0
OSV
added 2026/01/27 10:1 p.m. | 3 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods obtain and process...

CVSS 7.1 | AI score 5.9 | EPSS 0.00367
Exploits: 1 | References: 5
CNNVD
added 2026/01/27 12:0 a.m. | 4 views

WordPress Plugin AI Engine code vulnerability

WordPress Plugin AI Engine is a plugin developed by the WordPress Foundation. It can be used to build intelligent chatbots, create AI forms, and automate tasks. Versions of WordPress Plugin AI Engine prior to 3.3.2 have code vulnerabilities due to a server-side request forgery issue in the...

CVSS 6.4 | AI score 5.9 | EPSS 0.00181
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/23 9:15 p.m. | 2 views

CVE-2025-64252

Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer (anac-xml-viewer) allows Server Side Request Forgery. This issue affects ANAC XML Viewer: from n/a through <= 1.8.2...

CVSS 4.9 | AI score 5.4 | EPSS 0.00194
Exploits: 0 | References: 1
CVE
added 2026/01/23 4:47 p.m. | 10 views

CVE-2021-47899

CVE-2021-47899 affects YetiShare File Hosting Script version 5.1.0. The vulnerability is a server‑side request forgery (SSRF) in the remote file upload feature, exploitable via the url parameter in the /url_upload_handler endpoint to read local files using the file:/// protocol (e.g., /etc/passwd...

CVSS 6.9 | AI score 5.5 | EPSS 0.00258
Exploits: 0 | References: 4
CVE
added 2026/01/23 2:28 p.m. | 20 views

CVE-2026-24548

Summary: CVE-2026-24548 is a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin “Radio Player” (radio-player) affecting versions up to and including 2.0.91. The issue is publicly documented by multiple sources (Wordfence vulnerability report and CVE/NVD entries). Impact is l...

CVSS 5.4 | AI score 5.9 | EPSS 0.00163
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/23 12:26 a.m. | 15 views

CVE-2025-56589

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

CVSS 7.5 | AI score 5.8 | EPSS 0.00427
Exploits: 1 | References: 1
Vulnrichment
added 2026/01/22 4:52 p.m. | 5 views

CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting (seriously-simple-podcasting) allows Server Side Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1...

CVSS 4.4 | AI score 5.4 | EPSS 0.00132
Exploits: 0 | References: 1
Cvelist
added 2026/01/22 12:0 a.m. | 18 views

CVE-2025-56589

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

EPSS 0.00427
Exploits: 1 | References: 2
CNNVD
added 2026/01/22 12:0 a.m. | 3 views

Apryse HTML2PDF SDK has security vulnerabilities

The Apryse HTML2PDF SDK is a file format conversion component developed by the American company Apryse. Versions of the Apryse HTML2PDF SDK 11.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the InsertFromHtmlString function, which had issues with local file...

CVSS 7.5 | AI score 5.9 | EPSS 0.00427
Exploits: 1 | References: 3
Github Security Blog
added 2026/01/20 3:33 p.m. | 6 views

Keycloak’s OpenID Connect Dynamic Client Registration feature affected by Server-Side Request Forgery (SSRF)

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

CVSS 5.8 | AI score 5.7 | EPSS 0.00363
Exploits: 0 | References: 7 | Affected Software: 1
Positive Technologies
added 2026/01/20 12:0 a.m. | 4 views

PT-2026-3644

🔴 WeasyPrint, SSRF Protection Bypass, CVE-2024-27490 Critical https://t.co/6nK4AIaKzH...

AI score 5.3
Exploits: 0 | References: 1
Cvelist
added 2026/01/17 7:32 p.m. | 31 views

CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00365
Exploits: 1 | References: 6
Positive Technologies
added 2026/01/17 12:0 a.m. | 7 views

PT-2026-3369

Name of the Vulnerable Software and Affected Versions: xiweicheng TMS versions up to 2.28.0. Description: A flaw exists in xiweicheng TMS that allows for server-side request forgery. The issue is related to the Summary function within the src/main/java/com/lhjz/portal/util/HtmlUtil.java file...

CVSS 9.8 | AI score 6.4 | EPSS 0.00365
Exploits: 1 | References: 9
OSV
added 2026/01/16 3:31 p.m. | 2 views

GHSA-FCCG-7W3P-W66F Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability

Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and...

CVSS 6.9 | AI score 7.1 | EPSS 0.00425
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

SAP NetWeaver Command Injection (January 2026)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by a server-side request forgery (SSRF) vulnerability as disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...

CVSS 8.4 | AI score 6.2 | EPSS 0.00878
Exploits: 0 | References: 3