7133 matches found

EUVD
added 2026/04/23 7:17 p.m. | views: 1

EUVD-2026-25288

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS 7.1 | AI score 7.2 | EPSS 0.00115
Exploits: 1 | References: 1

CVE
added 2026/04/23 7:17 p.m. | views: 9

CVE-2026-41271

Flowise (FlowiseAI) SSRF in API Chain POST/GET components prior to version 3.1.0 allows unauthenticated attackers to cause the server to make arbitrary HTTP requests to internal/external systems by injecting malicious prompt templates, bypassing API documentation constraints and potentially leadi...

CVSS 8.3 | AI score 7.2 | EPSS 0.00115
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/23 7:17 p.m. | views: 30

CVE-2026-41271 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS 7.1 | EPSS 0.00115
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/23 7:17 p.m. | views: 1

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS 7.1 | AI score 7.2 | EPSS 0.00115
Exploits: 1 | References: 2 | Affected Software: 2

Vulnrichment
added 2026/04/23 7:17 p.m. | views: 1

CVE-2026-41271 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS 7.1 | AI score 7.2 | EPSS 0.00115
Exploits: 1 | References: 1

Cvelist
added 2026/04/23 7:16 p.m. | views: 34

CVE-2026-41272 Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers secureAxiosRequest and secureFetch intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the...

CVSS 7.1 | EPSS 0.00083
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/23 7:16 p.m. | views: 3

CVE-2026-41272

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers secureAxiosRequest and secureFetch intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00083
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2026/04/23 7:15 p.m. | views: 31

CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

CVSS 7.1 | EPSS 0.00083
Exploits: 1 | References: 1

Microsoft CVE
added 2026/04/23 2:0 p.m. | views: 7

Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

CVSS 10 | AI score 5.8 | EPSS 0.00103
Exploits: 0

Microsoft CVE
added 2026/04/23 2:0 p.m. | views: 3

Microsoft Dynamics 365 (online) Spoofing Vulnerability

Server-side request forgery (SSRF) in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...

CVSS 9.3 | AI score 5.8 | EPSS 0.00035
Exploits: 0

EUVD
added 2026/04/23 12:31 a.m. | views: 2

EUVD-2026-25118

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

CVSS 8.5 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/23 12:0 a.m. | views: 4

PT-2026-34759

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 Online, affected versions not specified. Description: A server-side request forgery (SSRF) allows an unauthorized attacker to perform spoofing over a network. SSRF is a flaw where an attacker can force a server-side applicati...

CVSS 9.3 | AI score 5.4 | EPSS 0.00035
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/23 12:0 a.m. | views: 2

PT-2026-34792

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS 7.1 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/23 12:0 a.m. | views: 4

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenStack Glance vulnerabilities (USN-8199-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8199-1 advisory. Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker...

CVSS 6.5 | AI score 6 | EPSS 0.00214
Exploits: 1 | References: 3

CNNVD
added 2026/04/23 12:0 a.m. | views: 6

Microsoft Dynamics 365 Online Code Issue Vulnerability

Microsoft Dynamics 365 Online is a management software developed by Microsoft Corporation, designed for monitoring employee behavior and analyzing work efficiency. There are code vulnerabilities in Microsoft Dynamics 365 Online, which stem from server-side request forgery. These vulnerabilities m...

CVSS 9.3 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/23 12:0 a.m. | views: 3

PT-2026-34736

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVSS 7.1 | AI score 7.2 | EPSS 0.00115
Exploits: 1 | References: 2

CNNVD
added 2026/04/23 12:0 a.m. | views: 6

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities were due to an SSRF protection bypass exploit, which failed to block four IPv6 special-purpose ranges. Attackers coul...

CVSS 7.1 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/23 12:0 a.m. | views: 2

PT-2026-34823

Summary: The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts, line 28, uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

CVSS 2.2 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/23 12:0 a.m. | views: 0

PT-2026-34757

CVE-2026-26150: Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. https://t.co/iDqEazYdOv...

CVSS 8.6 | AI score 5.2 | EPSS 0.00099
Exploits: 0 | References: 5

CNNVD
added 2026/04/23 12:0 a.m. | views: 8

Microsoft Purview Code Issue Vulnerability

Microsoft Purview is a data security and management software developed by the American company Microsoft. There is a code vulnerability in Microsoft Purview, which stems from server-side request forgery. This vulnerability allows unauthorized attackers to escalate their privileges through the...

CVSS 10 | AI score 5.9 | EPSS 0.00099
Exploits: 0 | References: 2