7175 matches found

CNNVD
added 2026/03/11 12:0 a.m., 5 views

plunk code issue vulnerability

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.7.0 contained code vulnerabilities. These vulnerabilities stemmed from the SNS webhook handler, which was exposed to server-side request forgery attacks. This could allow...

CVSS 9.3, AI score 6, EPSS 0.00105
Exploits 1, References 2
CNNVD
added 2026/03/11 12:0 a.m., 3 views

Manga/Image Translator code issue vulnerability

Manga/Image Translator is a text-to-image translation tool developed by the individual developer zyddnys. Beta-0.3 and earlier versions of Manga/Image Translator had code vulnerabilities. These vulnerabilities stemmed from incorrect operations on the topilimage function in the...

CVSS 6.5, AI score 6.7, EPSS 0.00082
Exploits 0, References 12
ATTACKERKB
added 2026/03/11 12:0 a.m., 1 views

CVE-2025-70027

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information...

CVSS 7.5, AI score 5.8, EPSS 0.00046
Exploits 0, References 4
Positive Technologies
added 2026/03/11 12:0 a.m., 6 views

PT-2026-24890

A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to pil image of the file manga-image-translator-main/server/request extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is...

CVSS 6.5, AI score 5.5, EPSS 0.00082
Exploits 0, References 15
CVE
added 2026/03/11 12:0 a.m., 6 views

CVE-2025-70027

CVE-2025-70027 is linked to a Server-Side Request Forgery in the Sunbird-Ed SunbirdEd-portal v1.13.4. The connected sources identify the affected software and the attack type (SSRF) and note that attackers can obtain sensitive information. The exact root cause details, affected components beyond ...

CVSS 7.5, AI score 5.8, EPSS 0.00046
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/03/11 12:0 a.m., 22 views

CVE-2025-70027

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information...

EPSS 0.00046
Exploits 0, References 3
NVD
added 2026/03/10 10:16 p.m., 2 views

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

CVSS 8.8, EPSS 0.00103
Exploits 1, References 1
Vulnrichment
added 2026/03/10 9:43 p.m., 4 views

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

CVSS 7.1, AI score 5.8, EPSS 0.00103
Exploits 1, References 1
Snyk
added 2026/03/10 9:32 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: org.webjars.npm:pdfmake is a Client/server side PDF printing in pure JavaScript. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or...

CVSS 8.7, AI score 5.4, EPSS 0.00029
Exploits 2, References 2
Snyk
added 2026/03/10 9:32 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: pdfmake is a Client/server side PDF printing in pure JavaScript. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the URLResolver component. An attacker can obtain sensitive information by making crafted requests to internal or external resources...

CVSS 8.7, AI score 5.8, EPSS 0.00029
Exploits 2, References 2
Github Security Blog
added 2026/03/10 9:32 p.m., 3 views

pdfmake is vulnerable to server-side request forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6, which introduces the setUrlAccessPolicy method allowing server operato...

CVSS 7.5, AI score 5.8, EPSS 0.00029
Exploits 2, References 7, Affected Software 1
Vulnrichment
added 2026/03/10 8:38 p.m., 1 views

CVE-2026-30953 LinkAce affected by SSRF via link creation: NoPrivateIpRule not applied to LinkStoreRequest

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVSS 7.7, AI score 5.8, EPSS 0.00047
Exploits 0, References 1
Snyk
added 2026/03/10 6:48 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: mcp-atlassian is a Model Context Protocol (MCP) Atlassian integration, an open-source implementation that bridges Atlassian products (Jira and Confluence) with AI language models following Anthropic's MCP specification. This project enables secure, contextual AI interactions with...

CVSS 8.2, AI score 5.9, EPSS 0.00088
Exploits 1, References 2
EUVD
added 2026/03/10 6:31 p.m., 3 views

EUVD-2026-10689

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8, AI score 5.8, EPSS 0.00049
Exploits 0, References 2
Snyk
added 2026/03/10 6:31 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: Azure.Mcp provides all Azure MCP tools in a single server. The Azure MCP Server implements the MCP specification to create a seamless connection between AI agents and Azure services. Azure MCP Server can be used alone or with the GitHub Copilot for Azure extension in VS Code. Affected...

CVSS 8.8, AI score 6.2, EPSS 0.00049
Exploits 0, References 2
OSV
added 2026/03/10 6:28 p.m., 3 views

GO-2026-4631 PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab

PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab...

CVSS 7.5, AI score 5.8, EPSS 0.00021
Exploits 1, References 1
OSV
added 2026/03/10 6:28 p.m., 2 views

GO-2026-4574 ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel

ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest...

CVSS 6.5, AI score 5.8, EPSS 0.00047
Exploits 0, References 4
OSV
added 2026/03/10 6:18 p.m., 1 views

CVE-2026-26118

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8, AI score 5.8, EPSS 0.00049
Exploits 0, References 1
NVD
added 2026/03/10 5:35 p.m., 2 views

CVE-2026-24316

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with...

CVSS 6.4, EPSS 0.0004
Exploits 0, References 2
Microsoft CVE
added 2026/03/10 2:0 p.m., 6 views

Azure MCP Server Tools Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8, AI score 5.8, EPSS 0.00049
Exploits 0