CVE-2026-1015

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2025-14912

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

GHSA-G66V-54V9-52PR Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Summary The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...

CVE-2026-1015 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-1015

Summary: CVE-2026-1015 affects IBM InfoSphere Information Server, with a server-side request forgery (SSRF) vulnerability. Affected versions: 11.7.0.0 to 11.7.1.6. Impact: potential for an authenticated attacker to send unauthorized requests from the system, enabling network enumeration or relate...

CVE-2026-1015 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-1015

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-1561

CVE-2026-1561 affects IBM WebSphere Application Server Liberty (versions 17.0.0.3 through 26.0.0.3). The flaw is a server-side request forgery (SSRF) in the samlWeb-2.0 feature that could allow a remote attacker to cause unauthorized requests from the vulnerable system (potential network enumerat...

CVE-2026-1561 IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the statsURL parameter in the plugin/Live/test.php endpoint. An administrator can access sensitive internal resources and clou...

EUVD-2026-15476

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

CVE-2026-3216

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

CVE-2026-24964

CVE-2026-24964 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Contest Gallery (contest-gallery). Affected versions are up to and including 28.1.2.1 . The root cause involves improper handling/validation of outgoing requests initiated by the plugin, enabling an attacker to ...

CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

CVE-2026-3216

CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...

SUSE CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

SUSE CVE-2026-27945

ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive UR...