Lucene search

7175 matches found

OSV
added 2026/03/26 12:22 a.m., 3 views

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 4
CNNVD
added 2026/03/26 12:0 a.m., 3 views

Firecrawl code issue vulnerability

Firecrawl is an open-source AI web crawler tool developed by Mendable.ai. Versions of Firecrawl 2.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the Playwright crawling service, where server-side request forgery protection was bypassed, potentially...

CVSS 8.6 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 3
CNNVD
added 2026/03/26 12:0 a.m., 4 views

Lychee code issue vulnerability

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.1 had code vulnerabilities; these vulnerabilities stemmed from incomplete IP verification checks, which failed to prevent...

CVSS 5.3 | AI score 5.9 | EPSS 0.00042
Exploits 1 | References 2
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28504

Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 7.5.2. Description: Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the Server-Side Request Forgery (SSRF) protection in PhotoUrlRule.php could be bypassed using DNS rebinding. The IP validatio...

CVSS 2.3 | AI score 5.8 | EPSS 0.0004
Exploits 1 | References 4
CNVD
added 2026/03/26 12:0 a.m., 1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16389)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by attackers to bypass SSRF protection...

CVSS 7.6 | AI score 5.8 | EPSS 0.00066
Exploits 0
CNNVD
added 2026/03/26 12:0 a.m., 5 views

Streamlit code issue vulnerability

Streamlit is an open-source data-oriented Python application development framework created by Streamlit. Versions of Streamlit prior to 1.54.0 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of file system paths provided by attackers, which could lead to...

CVSS 4.8 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 3
CNNVD
added 2026/03/26 12:0 a.m., 4 views

Drupal OpenID Connect / OAuth client security vulnerability

The Drupal OpenID Connect/OAuth client is an OpenID Connect and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities; these vulnerabilities were due to server-side request forgery, which could...

CVSS 4.3 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 2
CNNVD
added 2026/03/26 12:0 a.m., 4 views

Lychee code issue vulnerability

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.2 had code vulnerabilities that could be exploited through DNS redirection bypasses, allowing for server-side request...

CVSS 4.3 | AI score 5.9 | EPSS 0.0004
Exploits 1 | References 2
CNNVD
added 2026/03/26 12:0 a.m., 3 views

Keycloak code issue vulnerability

Keycloak is an open-source identity and access management solution developed by the Keycloak project. Keycloak has code-related vulnerabilities; these vulnerabilities stem from incorrect handling of the clientsessionhost parameter, which may lead to server-side request forgery attacks, thereby exposi...

CVSS 3.1 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 2
CNNVD
added 2026/03/26 12:0 a.m., 3 views

pinchtab code issue vulnerability

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Version 0.8.3 of Pinchtab has a code vulnerability; this vulnerability stems from insufficient validation of the delivery path provided by the scheduler's webhook, which may lead to server-side request forgery...

CVSS 5.5 | AI score 6.4 | EPSS 0.00066
Exploits 1 | References 3
CNNVD
added 2026/03/26 12:0 a.m., 2 views

Saloon code issue vulnerability

Saloon is a PHP open-source API integration and SDK library developed by Saloon PHP. Versions of Saloon prior to 4.0.0 had code vulnerabilities. These vulnerabilities stemmed from the fact that when constructing the request URL, if the endpoint was a valid absolute URL, the code would ignore the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 2
OSV
added 2026/03/25 10:0 p.m., 3 views

GHSA-C83F-3XP6-HFCP Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Impact: Users providing user-generated input into the resolveEndpoint method on requests. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4. Description: When building the request URL, Saloon combined the connector's base URL with the request...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 4
EUVD
added 2026/03/25 9:30 p.m., 2 views

EUVD-2025-209019

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 2
EUVD
added 2026/03/25 9:30 p.m., 2 views

EUVD-2026-15982

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2
Snyk
added 2026/03/25 9:20 p.m., 7 views

Server-side Request Forgery (SSRF)

Overview: streamlit is "The fastest way to build data apps in Python". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...

CVSS 4.8 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 3
OSV
added 2026/03/25 9:20 p.m., 3 views

GHSA-7P48-42J8-8846 Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

Streamlit Open Source Security Advisory. 1. Impacted Products: Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction: Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...

CVSS 4.7 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 5
Snyk
added 2026/03/25 9:17 p.m., 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

CVSS 7.4 | AI score 6.5 | EPSS 0.00018
Exploits 1 | References 2
OSV
added 2026/03/25 9:17 p.m., 4 views

GHSA-G9XJ-752Q-XH63 Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download

Summary: The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests t...

CVSS 6.4 | AI score 5.9 | EPSS 0.00018
Exploits 1 | References 6
EUVD
added 2026/03/25 9:17 p.m., 2 views

EUVD-2026-14923

Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download...

CVSS 6.4 | AI score 5.8 | EPSS 0.00018
Exploits 1 | References 4
NVD
added 2026/03/25 9:16 p.m., 2 views

CVE-2026-1561

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | EPSS 0.00042
Exploits 0 | References 1