7175 matches found
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...
USN-8111-1: OpenStack Glance vulnerability
It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or importing images from a remote source. An attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information...
USN-8111-1 glance vulnerability
It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or importing images from a remote source. An attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
Azure Cloud Shell Elevation of Privilege Vulnerability
Server-side request forgery ssrf in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network...
Microsoft Bing Tampering Vulnerability
Server-side request forgery ssrf in Microsoft Bing allows an unauthorized attacker to perform tampering over a network...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02–20.24.01.001 expose a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/externalfeed/RSS endpoint via the feedUrl parameter. The flaw allows unauthenticated attackers to induce the server to make outbound requests to arbitrary URLs, potentiall...
CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71259
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...
CVE-2025-71258
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the run function of the Scheduler plugin when the callbackURL parameter is not properly validated against internal or private...
EUVD-2026-13095
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...
CVE-2026-3511
Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...
EUVD-2026-13017
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...
CVE-2026-31989
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...
CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...
CVE-2026-31989 OpenClaw < 2026.3.1 - Server-Side Request Forgery via web_search Citation Redirect
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...
CVE-2026-30404
The CVE describes an SSRF vulnerability in the wgcloud v3.6.3 backend database management connection test feature. The issue allows the server to make requests to internal networks and perform dangerous operations such as remote file downloads, as stated in the NVD/NVD-derived records. Affected s...