CVE-2026-42449

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in...

GHSA-C2RM-G55X-8HR5 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Summary The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. The patch advisory states "Decimal/hexadecimal IP encoding bypasses are also handled" — that part is true Node's WHATWG URL pars...

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

CVE-2026-8081

CVE-2026-8081 affects router-for-me CLIProxyAPI 6.9.29. The vulnerability is a server-side request forgery in the API Tools handler (internal/api/handlers/management/api_tools.go) caused by manipulating the url argument. This enables remote exploitation as disclosed publicly. Remediation details ...

CVE-2026-41688 Incomplete fix for CVE-2026-33399: SSRF in Wallos

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

CVE-2026-41654 Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915).

Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities...

CVE-2026-41644

CVE-2026-41644 – SSRF in monetr Lunch Flow : The vulnerability occurs in the Lunch Flow link creation/refresh endpoint (POST /api/lunch_flow/link) of self-hosted monetr installations where LunchFlow.Enabled is true and sign-ups are allowed. An authenticated user can cause the server to fetch arbi...

CVE-2026-41644

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

CVE-2026-41644 monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

CVE-2026-41644 monetr is vulnerable to server-side request forgery in Lunch Flow link creation and refresh

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

Server-Side Request Forgery (SSRF)

Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...

Server-side Request Forgery (SSRF)

Overview docling-graph is an A tool to convert documents into knowledge graphs using Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URLInputHandler process. An attacker can access internal network resources or sensitive cloud metadata by...

docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler

Impact The URLInputHandler class in doclinggraph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no...

EUVD-2026-28296

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...