EUVD-2025-204848

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage...

EUVD-2025-204778

Local Deep Research is Vulnerable to Server-Side Request Forgery SSRF in Download Service...

CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...

PT-2026-1915

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.1.0 Description The issue is a missing XML validation check in Apache Struts, allowing for XML External Entity XXE attacks. This flaw resides in the XWork component and can be exploited by attackers to re...

CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

EUVD-2025-203629

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

PYSEC-2025-231

Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities that could lead to a potential denial of service attack or bypass security restrictions. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's...

WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.0.10...

WordPress plugin RSS Aggregator by Feedzy 代码问题漏洞

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

EUVD-2025-201833

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Fetch MCP Server 安全漏洞

Fetch MCP Server is a context protocol server by Zach Caceres Individual Developer. A security vulnerability exists in Fetch MCP Server version 1.0.2 and prior versions, which stems from server-side request forgery and could lead to access to internal network resources...

PT-2025-49596

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

EUVD-2025-201264

Open WebUI vulnerable to Server-Side Request Forgery SSRF via Arbitrary URL Processing in /api/v1/retrieval/process/web...

CVE-2025-65958 Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery SSRF vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to...

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

PT-2025-49030

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file admin79f2ec220c7e.php?c=api&m=test site domain within the Project Domain Change Test...