CVE-2026-33407

Wallos

EUVD-2026-14928

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

CVE-2026-33340

LoLLMs WEBUI (lollms-webui) contains a critical SSRF in the /api/proxy endpoint (POST) that allows unauthenticated attackers to force the server to perform arbitrary GET requests. Root cause: server-side request execution via an unauthenticated endpoint; impact includes access to internal service...

CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

CVE-2026-33340 LoLLMs WEBUI has unauthenticated Server-Side Request Forgery (SSRF) in /api/proxy endpoint

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery SSRF vulnerability has been identified in all known existing versions of lollms-webui. The @router.post"/api/proxy" endpoint allows unauthenticated attackers to...

CVE-2026-33679 Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...

CVE-2026-4623

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

EUVD-2026-14696

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

CVE-2026-4623

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

EUVD-2026-14582

OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in websearch citation redirect resolution that allows attackers to target private-network destinations. Attackers who influence citation redirect targets can trigger internal-network requests from the OpenClaw gateway...

CVE-2026-22739

Spring Cloud Config Server with native-file-system backend is vulnerable to an issue in profile substitution that can cause access to files outside configured search directories, leading to potential SSRF/unauthorized file reads. Affected lines: Spring Cloud 3.1.x before 3.1.13; 4.1.x before 4.1....

PT-2026-27304

Name of the Vulnerable Software and Affected Versions DefaultFuction Jeson-Customer-Relationship-Management-System affected versions not specified Description A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System...

PT-2026-27496

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection in the migration helper functions, which could lead to server-side request forgeing...

📄 activitypub-federation-rust 0.7.1 Server-Side Request Forgery

activitypub-federation-rust versions 0.7.1 and below suffer from a server-side request forgery vulnerability. CVE-2026-33693: SSRF via 0.0.0.0 Bypass in activitypub-federation-rust v4isinvalid CVSS 6.5 Moderate Keywords: SSRF, 0.0.0.0, IP validation bypass, activitypub-federation, Lemmy, Rust,...

PT-2026-27452

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.1 Description Vikunja is a self-hosted task management platform. A flaw exists in the DownloadImage function within pkg/utils/avatar.go where insufficient Server-Side Request Forgery SSRF protection is applied whe...

pyLoad 访问控制错误漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained a security vulnerability related to access control. This vulnerability stemmed from the @localcheck decorator, which allowed for header spoofing by hosts, potentially allowing...

Jeson Customer Relationship Management System 代码问题漏洞

Jeson Customer Relationship Management System is a lightweight customer relationship management system developed by DefaultFunction’s individual developer. The Jeson Customer Relationship Management System has code vulnerabilities; these vulnerabilities stem from incorrect handling of parameters ...