7420 matches found
EUVD-2026-26738
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...
JeecgBoot 代码问题漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from improper handling of the...
PT-2026-36579
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona activate child theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations...
PT-2026-36571
Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2 Description An issue in the OpenApi Service component allows remote attackers to perform server-side request forgery SSRF, a flaw where the server is coerced into making unintended requests. This occurs throug...
WordPress plugin PixelYourSite Pro 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36570
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...
JeecgBoot 代码问题漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the OpenApiController.add/OpenApiController.call...
PT-2026-36590
Name of the Vulnerable Software and Affected Versions Royal Elementor Addons versions prior to 1.7.1058 Description The Royal Elementor Addons plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This occurs because the render csv data function does not sufficiently validate...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. Remediation Upgrade org.apache.neethi:neet...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions = 1.7.1057...
CVE-2026-3340
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2026-3340
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
EUVD-2026-26419
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Server-side Request Forgery (SSRF)
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...
Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
Impact An authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo URL pointing at a private address e.g. http://127.0.0.1:999...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...
GHSA-5VH4-RGV7-P9G4 Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL
CVE Report — Unauthenticated SSRF via Unfiltered Webhook URL in Gotenberg Severity | Field | Value | |-----------|----------------------------------------| | CVSS v3.1 | 8.6 High | | Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | | CWE | CWE-918 — Server-Side Request Forgery | | Auth | None |...