Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the FilterOutboundURL process. An attacker can access internal network resources and retrie...

GHSA-RM4C-XJ6X-49MW Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained code vulnerabilities due to incomplete SSRF protections. The vulnerability arises from the use of gethostbyname to verify the Webhook URL without utilizing the...

PT-2026-38382

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.31.0 and earlier Description A Server-Side Request Forgery SSRF issue exists in the LibreOffice conversion endpoint "/forms/libreoffice/convert". While some SSRF hardening is present in the Go code, the application passes...

PT-2026-38584

Name of the Vulnerable Software and Affected Versions Azure Notification Service affected versions not specified Description Server-side request forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location, in the Azure Notification Service allows an...

OpenClaw Server-Side Request Forgery Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability that stems from a server-side request forgery vulnerability in QQBot direct media uploads that skips URL authentication. An attacker can exploit this...

Microsoft Azure Notification Service 代码问题漏洞

Microsoft Azure Notification Service is a notification delivery service provided by Microsoft Corporation in the United States. There is a code vulnerability in Microsoft Azure Notification Service, which stems from server-side request forgery. This vulnerability could allow authorized attackers ...

CLI Proxy API 代码问题漏洞

CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

monetr 安全漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.5 contained a security vulnerability. This vulnerability stemmed from server-side request forgeing in the Lunch Flow integration, which could allow authenticated users to send HTT...

PT-2026-38412

Name of the Vulnerable Software and Affected Versions Docling-Graph versions prior to 1.5.1 Description The URLInputHandler class in docling graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating if the target resolves to a private, loopback, or link-local IP...

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

GHSA-Q9PW-VMHH-384G PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

EUVD-2026-28164

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

EUVD-2026-28199

OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...

Duplicate Advisory: OpenClaw validates Zalo outbound photo URLs through the SSRF guard

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2hh7-c75g-qj2r. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto functio...

Duplicate Advisory: OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-536q-mj95-h29h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger...