
7175 matches found

Cvelist
added 2026/03/19 10:39 p.m. | 22 views

CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1 an...

CVSS 7.1 | EPSS 0.00021
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/19 10:39 p.m. | 1 view

CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. Versions 7.15.1 an...

CVSS 7.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2
EUVD
added 2026/03/19 10:7 p.m. | 7 views

EUVD-2026-13322

OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attachment URLs to force redirects to non-allowlisted targets, bypassing SSRF boundary controls...

CVSS 6 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 4
CVE
added 2026/03/19 10:6 p.m. | 5 views

CVE-2026-32019

OpenClaw (npm) is affected by CVE-2026-32019 in versions prior to 2026.2.22 due to incomplete IPv4 special-use range validation in isPrivateIpv4(), which can let SSRF bypass protections for RFC-reserved/non-global ranges via web_fetch. Exploitation requires network reachability to those special-u...

CVSS 7.4 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 6 | Affected Software: 1
EUVD
added 2026/03/19 9:30 p.m. | 6 views

EUVD-2026-13204

Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
EUVD
added 2026/03/19 9:30 p.m. | 3 views

EUVD-2026-13186

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 2
EUVD
added 2026/03/19 9:30 p.m. | 3 views

EUVD-2026-13185

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6 | AI score 5.8 | EPSS 0.00104
Exploits: 0 | References: 2
NVD
added 2026/03/19 9:17 p.m. | 4 views

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.6 | EPSS 0.0014
Exploits: 1 | References: 2
NVD
added 2026/03/19 9:17 p.m. | 1 view

CVE-2026-32169

Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | EPSS 0.00108
Exploits: 0 | References: 1
NVD
added 2026/03/19 9:17 p.m. | 3 views

CVE-2026-26139

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6 | EPSS 0.00101
Exploits: 0 | References: 1
NVD
added 2026/03/19 9:17 p.m. | 3 views

CVE-2026-26120

Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network...

CVSS 7.5 | EPSS 0.00092
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/19 9:6 p.m. | 2 views

CVE-2026-26137

Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network...

CVSS 9.9 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 9:6 p.m. | 2 views

CVE-2026-26139

Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 8:20 p.m. | 3 views

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.2 | AI score 5.8 | EPSS 0.0014
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/19 8:20 p.m. | 6 views

CVE-2026-33321

OpenEMR is affected by CVE-2026-33321 due to an Out-of-Band Server-Side Request Forgery (OOB SSRF) in the PDF creation function. Before 8.0.0.2, users with the “Notes - my encounters” role could fill Eye Exam forms; the form answers are parsed as unescaped HTML when generating PDFs, enabling the ...

CVSS 7.6 | AI score 5.8 | EPSS 0.0014
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/19 8:20 p.m. | 3 views

CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVSS 7.2 | AI score 5.9 | EPSS 0.0014
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/19 7:13 p.m. | 4 views

AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode (the intended configuration for this file), the $_REQUEST['webSiteRootURL'] parameter is used directly to construct a URL that is...

CVSS 9.1 | AI score 5.8 | EPSS 0.00127
Exploits: 1 | References: 4 | Affected Software: 1
Snyk
added 2026/03/19 7:4 p.m. | 0 views

Server-side Request Forgery (SSRF)

Overview: league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the DomainFilteringAdapter process. An attacker ca...

CVSS 6.3 | AI score 6.1 | EPSS 0.00015
Exploits: 0 | References: 4
EUVD
added 2026/03/19 6:31 p.m. | 5 views

EUVD-2026-13120

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...

AI score 5.8 | EPSS 0.00056
Exploits: 1 | References: 3
Snyk
added 2026/03/19 5:12 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the save.json.php file when user-supplied thumbnail URLs are fetched without proper validation. An attacker can access internal...

CVSS 6 | AI score 5.8 | EPSS 0.00013
Exploits: 1 | References: 2