7235 matches found

EUVD
added 2026/06/09 6:30 p.m., 12 views

EUVD-2026-35677

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...

CVSS 6.5, AI score 5.4, EPSS 0.00297
Exploits: 0, References: 2
EUVD
added 2026/06/09 6:30 p.m., 7 views

EUVD-2026-35678

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 5, AI score 5.4, EPSS 0.00424
Exploits: 0, References: 2
NVD
added 2026/06/09 5:17 p.m., 7 views

CVE-2026-45502

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 5, EPSS 0.00424
Exploits: 0, References: 1
NVD
added 2026/06/09 5:17 p.m., 6 views

CVE-2026-45504

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8, EPSS 0.00402
Exploits: 0, References: 1
CVE
added 2026/06/09 5:04 p.m., 22 views

CVE-2026-45503

CVE-2026-45503 is an SSRF vulnerability in Microsoft Exchange Server that could allow an authorized attacker to disclose information over a network. The provided documents cite CVSSv3.1 base metrics: 8.1 (High), with NETWORK attack vector, LOW attack complexity, Privileges Required: LOW, no user ...

CVSS 8.1, AI score 5.4, EPSS 0.00428
Exploits: 0, References: 1, Affected Software: 2
Microsoft CVE
added 2026/06/09 2:00 p.m., 5 views

Microsoft Exchange Server Information Disclosure Vulnerability

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 5, AI score 5.4, EPSS 0.00424
Exploits: 0
RedHat Linux
added 2026/06/09 11:19 a.m., 13 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.9, AI score 7.1, EPSS 0.0229
Exploits: 10, References: 19
RedHat Linux
added 2026/06/09 11:19 a.m., 7 views

axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or ::1) which bypass the NO_PROXY...

CVSS 9.9, AI score 6.5, EPSS 0.01075
Exploits: 1, References: 10
NVD
added 2026/06/09 5:16 a.m., 11 views

CVE-2026-41854

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

CVSS 6.5, EPSS 0.00123
Exploits: 0, References: 1
OSV
added 2026/06/09 5:16 a.m., 5 views

UBUNTU-CVE-2026-41854

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

CVSS 6.5, AI score 5.5, EPSS 0.00123
Exploits: 0, References: 3
Vulnrichment
added 2026/06/09 3:51 a.m., 7 views

CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

CVSS 4.2, AI score 5.5, EPSS 0.00123
Exploits: 0, References: 1
RedhatCVE
added 2026/06/09 2:58 a.m., 10 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

CVSS 5.8, AI score 5, EPSS 0.00379
Exploits: 0, References: 1
Positive Technologies
added 2026/06/09 12:00 a.m., 7 views

PT-2026-47976

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: A server-side request forgery (SSRF) issue allows an authorized attacker to elevate privileges over a network. SSRF is a flaw where an attacker can induce the server-side...

CVSS 8.8, AI score 5.2, EPSS 0.00402
Exploits: 0, References: 4
CNNVD
added 2026/06/09 12:00 a.m., 7 views

Adobe Campaign Classic Code Issue Vulnerability

Adobe Campaign Classic is an enterprise-level marketing automation and campaign management platform developed by Adobe Inc. Versions of Adobe Campaign Classic 7.4.3 build 9394 and earlier have code vulnerabilities that stem from server-side request forgery, which may lead to privilege escalation...

CVSS 10, AI score 5.5, EPSS 0.00449
Exploits: 0, References: 1
RedhatCVE
added 2026/06/08 2:59 p.m., 8 views

CVE-2026-11437

A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...

CVSS 7.5, AI score 6.7, EPSS 0.00492
Exploits: 0, References: 1
OSV
added 2026/06/08 12:51 p.m., 8 views

GHSA-HW9R-6M78-W6H3 GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

CVSS 6.3, AI score 5.6, EPSS 0.00172
Exploits: 0, References: 6
Snyk
added 2026/06/08 12:51 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: geonode is an application for serving and sharing geospatial data. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the service registration endpoint. An attacker can access internal network resources and sensitive endpoints by submitting crafted...

CVSS 8.8, AI score 5.3, EPSS 0.00172
Exploits: 0, References: 2
GitHub Security Blog
added 2026/06/08 12:51 p.m., 8 views

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

CVSS 6.3, AI score 5.6, EPSS 0.00172
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2026/06/08 12:16 a.m., 11 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

CVSS 5.8, EPSS 0.00379
Exploits: 0, References: 6
Snyk
added 2026/06/08 12:00 a.m., 20 views

Server-side Request Forgery (SSRF)

Overview: org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via...

CVSS 6.5, AI score 5.5, EPSS 0.00123
Exploits: 0, References: 2