CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
CVE-2026-33182
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
CVE-2026-4907
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...
CVE-2026-4907 Page-Replica Page Replica Endpoint sitemap sitemap.fetch server-side request forgery
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
CVE-2026-33693
Lemmy's Activitypub-Federation vulnerable component: Rust-based v4_is_invalid() in activitypub-federation-rust fails to check Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain could direct it to 0.0.0.0 and bypass SSRF protections, reaching localhost services on t...
Calibre code issue vulnerability
Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.6.0, there were code-related vulnerabilities. These vulnerabilities stemmed from a server-side reques...
PT-2026-28670
Name of the Vulnerable Software and Affected Versions Page-Replica Page Replica versions prior to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 Description A server-side request forgery SSRF issue exists in the sitemap.fetch function within the /sitemap file of the Endpoint component. Manipulation of...
PT-2026-28679
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...
PT-2026-28429
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.3 Description LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, the isPrivateIP function in packages/api/src/auth/domain.ts does not correctly identify IPv4-mapped IPv6 addresses in...
VMware Spring AI security vulnerability
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities within the Spring ecosystem. Versions prior to 1.0.5 and 1.1.4 of VMware Spring AI contained security vulnerabilities. These vulnerabilities...
PT-2026-28473
Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.6.0 Description A Server-Side Request Forgery SSRF issue in the 'background-image' endpoint of the web view allows an attacker to perform blind GET requests to arbitrary URLs. This can lead to the exfiltration of...
PT-2026-28586
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev97 Description pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network...
Page Replica code issue vulnerability
Page Replica is an open-source tool for web content extraction and structured processing developed by Page Replica. Versions of Page Replica e4a7f52e75093ee318b4d5a9a9db6751050d2ad0 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the parameter url in th...
LibreChat code issue vulnerability
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Versions of LibreChat from 0.8.2-rc2 to 0.8.2 contain code vulnerabilities. These vulnerabilities stem from...
Letta-ai letta security vulnerability
Letta-ai letta is an open-source stateful proxy framework developed by Letta-ai, featuring memory management, reasoning capabilities, and context handling. Version 0.16.4 of Letta-ai letta contains a security vulnerability caused by incorrect handling of the parameter ImageContent in the file...
WWBN AVideo code issue vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the urlgetcontents function not revalidating the target when following HTTP redirection, which could...
OTCMS security vulnerability
OTCMS is a content management system CMS for article-based websites developed by OTCMS Inc. Versions of OTCMS prior to V7.66 contained security vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the AnnounContent module of the admin/read.php file. This vulnerabili...