265 matches found

Source: Vulnrichment | added 2026/04/03 10:54 p.m. | 1 view

CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any...

CVSS 8.6 | AI score 5.8 | EPSS 0.00022
Exploits: 1 | References: 1
Source: NVD | added 2026/04/02 6:16 p.m. | 1 view

CVE-2026-34526

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+.\d+.\d+.\d+$/. This...

CVSS 5 | EPSS 0.0004
Exploits: 1 | References: 2
Source: Microsoft CVE | added 2026/04/02 2:00 p.m. | 3 views

Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network...

CVSS 9.6 | AI score 5.9 | EPSS 0.00062
Exploits: 0
Source: EUVD | added 2026/04/01 9:08 p.m. | 4 views

EUVD-2026-17660

AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL Validation...

CVSS 6.5 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 3
Source: CVE | added 2026/03/30 6:00 p.m. | 6 views

CVE-2026-5126

CVE-2026-5126 affects SourceCodester RSS Feed Parser 1.0. The flaw is in the function file_get_contents, enabling a server-side request forgery (SSRF). The attack can be carried out remotely, and the exploit has been published and may be used. This has been reflected across multiple s...

CVSS 6.5 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 5
Source: EUVD | added 2026/03/28 6:30 a.m. | 1 view

EUVD-2025-209108

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laboratorcalcroute AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web applicati...

CVSS 7.2 | AI score 5.9 | EPSS 0.00077
Exploits: 0 | References: 3
Source: SUSE CVE | added 2026/03/28 12:27 a.m. | 2 views

SUSE CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. tenant). An unauthenticated attacker can craft a JWT with a malicious iss or...

CVSS 9.3 | AI score 5.9 | EPSS 0.00109
Exploits: 1 | References: 3
Source: OSV | added 2026/03/26 5:15 p.m. | 4 views

CVE-2026-33486 Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...

CVSS 6.8 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 4
Source: Snyk | added 2026/03/26 9:30 a.m. | 0 views

Server-side Request Forgery (SSRF)

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the clientsessionhost parameter during refresh token requests when the...

CVSS 3.5 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 2
Source: Snyk | added 2026/03/25 9:20 p.m. | 7 views

Server-side Request Forgery (SSRF)

Overview: streamlit is the fastest way to build data apps in Python. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...

CVSS 4.8 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3
Source: NVD | added 2026/03/25 9:16 p.m. | 1 view

CVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | EPSS 0.00042
Exploits: 0 | References: 1
Source: CVE | added 2026/03/25 8:41 p.m. | 6 views

CVE-2026-1015

Summary: CVE-2026-1015 affects IBM InfoSphere Information Server, with a server-side request forgery (SSRF) vulnerability. Affected versions: 11.7.0.0 to 11.7.1.6. Impact: potential for an authenticated attacker to send unauthorized requests from the system, enabling network enumeration or relate...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1
Source: EUVD | added 2026/03/25 6:31 p.m. | 4 views

EUVD-2026-15476

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery. This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 2
Source: CVE | added 2026/03/24 12:16 a.m. | 12 views

CVE-2026-22739

Spring Cloud Config Server with native-file-system backend is vulnerable to an issue in profile substitution that can cause access to files outside configured search directories, leading to potential SSRF/unauthorized file reads. Affected lines: Spring Cloud 3.1.x before 3.1.13; 4.1.x before 4.1....

CVSS 8.6 | AI score 5.8 | EPSS 0.09681
Exploits: 0 | References: 1
Source: CNNVD | added 2026/03/24 12:00 a.m. | 3 views

pyLoad Access Control Error Vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained a security vulnerability related to access control. This vulnerability stemmed from the @localcheck decorator, which allowed for header spoofing by hosts, potentially allowing...

CVSS 6.5 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 1
Source: Positive Technologies | added 2026/03/24 12:00 a.m. | 1 view

PT-2026-27496

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 3
Source: ATTACKERKB | added 2026/03/23 1:32 p.m. | 0 views

CVE-2026-4589

A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side request forgery. T...

CVSS 6.5 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 7 | Affected Software: 1
Source: CNNVD | added 2026/03/23 12:00 a.m. | 5 views

OpenSource-WorkShop Connect-CMS Code Issue Vulnerability

OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities. These vulnerabilities stem from the Page Management...

CVSS 6.8 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 5
Source: ATTACKERKB | added 2026/03/21 3:27 a.m. | 2 views

CVE-2026-3478

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

CVSS 7.2 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 8
Source: NVD | added 2026/03/19 9:17 p.m. | 4 views

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.6 | EPSS 0.0014
Exploits: 1 | References: 2