402 matches found

Positive Technologies
added 2025/11/05 12:0 a.m. | 4 views

PT-2025-45382

Name of the Vulnerable Software and Affected Versions: Parse Server versions 4.2.0 through 7.5.3; Parse Server versions 8.0.0 through 8.3.1-alpha.1. Description: Parse Server is an open source backend deployable on Node.js infrastructures. A Server-Side Request Forgery (SSRF) exists in the file upload...

CVSS 7.5 | AI score 6.9 | EPSS 0.00563
Exploits: 0 | References: 17
RedhatCVE
added 2025/10/31 10:7 p.m. | 4 views

CVE-2020-36862

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.9 | AI score 6.7 | EPSS 0.005
Exploits: 0 | References: 1
EUVD
added 2025/10/31 12:30 a.m. | 6 views

EUVD-2020-30808

Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF),...

CVSS 6.9 | AI score 6.2 | EPSS 0.005
Exploits: 0 | References: 3
OSV
added 2025/10/29 9:15 a.m. | 0 views

UBUNTU-CVE-2025-12058

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | AI score 7.4 | EPSS 0.00236
Exploits: 0 | References: 4
GithubExploit
added 2025/10/18 2:19 p.m. | 257 views

Exploit for Server-Side Request Forgery in Apache Solr

CVE-2021-27905 | Sr No | Title...

CVSS 9.8 | AI score 7 | EPSS 0.93053
Exploits: 5
OSV
added 2025/10/17 6:18 p.m. | 9 views

CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module

LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.search.crawlPages tRPC endpoint. A client can supply an arbitrary urls array together with impls containing the value naive. The service...

CVSS 3 | AI score 7 | EPSS 0.00294
Exploits: 0 | References: 4
OSV
added 2025/10/17 5:46 p.m. | 7 views

GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

CVSS 3 | AI score 7 | EPSS 0.00294
Exploits: 0 | References: 5
Vulnrichment
added 2025/10/17 12:0 a.m. | 6 views

CVE-2025-60279

A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

AI score 6.5 | EPSS 0.00393
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/15 1:55 p.m. | 3 views

CVE-2025-58474 BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVSS 6.9 | AI score 6.4 | EPSS 0.00353
Exploits: 0 | References: 1
Hacker One
added 2025/10/14 4:8 p.m. | 10 views

Rocket.Chat: SSRF via Improper Redirect Validation in Rocket.Chat oEmbed Function

A vulnerability was discovered in Rocket.Chat version 7.10.1 where the oEmbed feature did not properly validate redirected URLs. This allowed an attacker to bypass SSRF protections and access internal network resources that would otherwise be unreachable...

AI score 5.5
Exploits: 0
RedhatCVE
added 2025/10/07 6:27 p.m. | 6 views

CVE-2025-55971

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP...

CVSS 4.7 | AI score 7 | EPSS 0.00281
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-30801

Malware in sbrugna...

CVSS 9.5 | AI score 6.2 | EPSS 0.01018
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-21361

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.15254
Exploits: 3 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-15095

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02633
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-12329

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.03999
Exploits: 2 | References: 5
CNNVD
added 2025/10/07 12:0 a.m. | 4 views

LLaMA-Factory security vulnerability

LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A security vulnerability exists in LLaMA-Factory versions prior to 0.9.4, which stems from the processrequest function not validating or cleaning up URLs, which could lead to server-side...

CVSS 8.1 | AI score 6.2 | EPSS 0.00342
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27460

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.6 | EPSS 0.0031
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-0632

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00973
Exploits: 1 | References: 4
Patchstack
added 2025/09/30 9:42 p.m. | 4 views

WordPress Block For Mailchimp plugin <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin MailChimp Block (versions <= 1.1.12)...

CVSS 4 | AI score 6.8 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/09/29 9:15 p.m. | 2 views

CVE-2025-34228

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The /var/www/app/consolerelease/lexmark/update.php script is reachable from the internet...

CVSS 8.8 | EPSS 0.00745
Exploits: 1 | References: 4