OSV
added 2026/01/15 6:09 p.m., 4 views

GHSA-J62C-4X62-9R35 SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering

Summary: Versions of SvelteKit are vulnerable to a server-side request forgery (SSRF) and denial of service (DoS) under certain conditions. Details: Affected versions from 2.44.0 onwards are vulnerable to DoS if your app has at least one prerendered route (export const prerender = true). Affected...

CVSS 8.4, AI score 6.3, EPSS 0.00466
Exploits 0, References 6
CVE
added 2026/01/14 10:29 p.m., 9 views

CVE-2026-0600

CVE-2026-0600 is a Server-Side Request Forgery (SSRF) vulnerability affecting Sonatype Nexus Repository 3.x (3.0.0 and later). The issue allows authenticated administrators who configure proxy repositories to set URLs that can reach unintended network destinations, including cloud metadata servic...

CVSS 6.2, AI score 6.4, EPSS 0.00284
Exploits 0, References 1
OSV
added 2026/01/13 8:40 a.m., 3 views

BIT-GHOST-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 6.9, EPSS 0.00265
Exploits 0, References 4
CNNVD
added 2026/01/12 12:00 a.m., 1 view

Fulcio code issue vulnerability

Fulcio is a certificate authority open-sourced by sigstore. A code issue vulnerability exists in Fulcio versions prior to 1.8.5 that stems from the use of unanchored regular expressions for MetaIssuer URL validation, which could lead to bypassing validation and triggering a blind SSRF attack...

CVSS 5.8, AI score 6.7, EPSS 0.0022
Exploits 1, References 3
RedhatCVE
added 2026/01/09 9:18 a.m., 4 views

CVE-2021-22175

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...

CVSS 9.8, AI score 7, EPSS 0.53372
Exploits 1, References 1
UbuntuCve
added 2026/01/08 2:15 p.m., 4 views

CVE-2026-21885

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (GET /proxy/encodedDigest/encodedURL) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

CVSS 6.5, AI score 5.8, EPSS 0.00258
Exploits 1, References 2
Cvelist
added 2026/01/07 9:17 p.m., 21 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVSS 9.1, EPSS 0.04094
Exploits 1, References 3
Cvelist
added 2026/01/07 5:16 p.m., 19 views

CVE-2025-58441 Knowage is vulnerable to blind server-side request forgery (SSRF)

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact o...

CVSS 6.3, EPSS 0.00163
Exploits 0, References 1
Patchstack
added 2026/01/02 2:12 p.m., 5 views

WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Grand Blog versions < 3.1.5...

CVSS 5.4, AI score 5.3, EPSS 0.00168
Exploits 0, Affected Software 1
NVD
added 2026/01/01 10:15 p.m., 7 views

CVE-2025-15414

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched...

CVSS 5.8, EPSS 0.00223
Exploits 0, References 5
CVE
added 2026/01/01 9:32 p.m., 13 views

CVE-2025-15414

The CVE-2025-15414 issue affects go-sonic up to version 1.1.4, specifically the FetchTheme function in service/theme/git_fetcher.go of the Theme Fetching API. The root cause is manipulation of the uri argument that enables server-side request forgery (SSRF), with the attack potentially executable...

CVSS 5.8, AI score 4.8, EPSS 0.00223
Exploits 0, References 5
Cvelist
added 2026/01/01 5:54 p.m., 23 views

CVE-2026-21428 cpp-httplib has CRLF injection in http headers

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the write_headers function does not check for CR and LF characters in user-supplied headers, allowing untrusted header values to escape header lines. This vulnerability allows attackers to add...

CVSS 8.7, EPSS 0.00372
Exploits 1, References 3
Patchstack
added 2026/01/01 7:31 a.m., 5 views

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions <= 7.35...

CVSS 6.4, AI score 6.8, EPSS 0.00237
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2026/01/01 4:09 a.m., 7 views

CVE-2025-15373

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be use...

CVSS 6.5, AI score 6.6, EPSS 0.0022
Exploits 1, References 1
Positive Technologies
added 2026/01/01 12:00 a.m., 2 views

PT-2026-1013

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.30.0. Description: The write_headers function in cpp-httplib does not properly validate user-supplied headers, specifically failing to check for carriage return (CR) and line feed (LF) characters. This allows attacker...

CVSS 8.7, AI score 6.5, EPSS 0.00602
Exploits 6, References 24
Positive Technologies
added 2026/01/01 12:00 a.m., 4 views

PT-2026-1010

Name of the Vulnerable Software and Affected Versions: WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.36. Description: The plugin is susceptible to Server-Side Request Forgery (SSRF). This occurs because the plugin does not properly validate URLs after following Bitly shortlin...

CVSS 6.4, AI score 6.5, EPSS 0.00237
Exploits 0, References 8
CNNVD
added 2026/01/01 12:00 a.m., 5 views

cpp-httplib injection vulnerability

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. An injection vulnerability exists in versions prior to cpp-httplib 0.30.0, which stems from a failure to check for CR and LF characters in user-supplied headers, which could lead to the...

CVSS 8.7, AI score 6.9, EPSS 0.00372
Exploits 1, References 2
EUVD
added 2025/12/24 3:30 p.m., 2 views

EUVD-2025-205282

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals (6storage-rentals) allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.19.9...

CVSS 9.1, AI score 6.5, EPSS 0.00163
Exploits 0, References 2
Packet Storm
added 2025/12/24 12:00 a.m., 231 views

MagnusBilling 6 Server-Side Request Forgery / Path Traversal

Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. | Title :...

CVSS 9.8, AI score 9.6, EPSS 0.91463
Exploits 15
UbuntuCve
added 2025/12/23 11:15 p.m., 3 views

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

CVSS 8.8, AI score 5.8, EPSS 0.0026
Exploits 1, References 3