7338 matches found

NVD
added 2026/03/10 5:35 p.m. | 4 views

CVE-2026-24316

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with...

CVSS 6.4 | EPSS 0.00163
Exploits: 0 | References: 2
Microsoft CVE
added 2026/03/10 2:0 p.m. | 8 views

Azure MCP Server Tools Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00959
Exploits: 0
Microsoft CVE
added 2026/03/10 2:0 p.m. | 3 views

Azure IOT Explorer Spoofing Vulnerability

Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.01046
Exploits: 0
Patchstack
added 2026/03/10 10:37 a.m. | 4 views

WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions <= 28.1.2.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/03/10 8:31 a.m. | 4 views

CVE-2026-25960

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this Server-Side Request Forgery (SSRF) bypass vulnerability in the loadfromurlasync method. The flaw occurs because the URL validation and the actual HTTP request handling use...

CVSS 9.8 | AI score 5.7 | EPSS 0.00437
Exploits: 1 | References: 7
RedhatCVE
added 2026/03/10 2:12 a.m. | 3 views

CVE-2025-70042

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master...

CVSS 9.8 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/10 2:12 a.m. | 8 views

CVE-2026-3789

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

CVSS 8.8 | AI score 6.2 | EPSS 0.00422
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/10 2:12 a.m. | 5 views

CVE-2026-3788

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...

CVSS 8.8 | AI score 6.2 | EPSS 0.0042
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/10 12:17 a.m. | 4 views

CVE-2026-24316

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with...

CVSS 6.4 | AI score 5.9 | EPSS 0.00163
Exploits: 0 | References: 3
Cvelist
added 2026/03/10 12:17 a.m. | 34 views

CVE-2026-24316 Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with...

CVSS 6.4 | EPSS 0.00163
Exploits: 0 | References: 2
GitLab Advisory Database
added 2026/03/10 12:0 a.m. | 7 views

Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network

Server-Side Request Forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00959
Exploits: 0 | References: 7 | Affected Software: 1
CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Flowise code issue vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.0.13 contained code vulnerabilities. These vulnerabilities stemmed from HTTP nodes lacking restrictions on user-controlled URLs, which could lead to server-side...

CVSS 8.8 | AI score 7.2 | EPSS 0.023
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 4 views

PT-2026-24364

Name of the Vulnerable Software and Affected Versions: pdfmake versions 0.3.0-beta.2 through 0.3.5. Description: A Server-Side Request Forgery (SSRF) issue exists in the src/URLResolver.js component of pdfmake. This allows a remote attacker to potentially obtain sensitive information. The issue was...

CVSS 7.5 | AI score 5.8 | EPSS 0.00481
Exploits: 2 | References: 11
CNNVD
added 2026/03/10 12:0 a.m. | 5 views

LinkAce code issue vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. LinkAce has code vulnerabilities; these vulnerabilities arise from the lack of the NoPrivateIpRule validation rule during link creation, which may lead to server-side request...

CVSS 7.7 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/10 12:0 a.m. | 2 views

CVE-2026-26801

Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

AI score 5.8 | EPSS 0.00481
Exploits: 2 | References: 5
Positive Technologies
added 2026/03/10 12:0 a.m. | 4 views

PT-2026-24158

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: The software includes an ABAP Report designed for testing that enables sending HTTP requests to any internal or external endpoint. This functionality is...

CVSS 6.4 | AI score 5.5 | EPSS 0.00163
Exploits: 0 | References: 9
CNNVD
added 2026/03/10 12:0 a.m. | 8 views

SAP NetWeaver Application Server for ABAP code issue vulnerability

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a code vulnerability in SAP NetWeaver Application Server for ABAP. This vulnerability stems from the ABAP reports used for testing, which allow sending HTTP requests to...

CVSS 6.4 | AI score 6 | EPSS 0.00163
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/10 12:0 a.m. | 3 views

PT-2026-24620

Summary: An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

CVSS 8.2 | AI score 6.1
Exploits: 0 | References: 4
Snyk
added 2026/03/09 10:39 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via inconsistent URL parsing between the validation layer and the HTTP client in the loadfromurl and loadfromurlasy...

CVSS 9.8 | AI score 5.8 | EPSS 0.00437
Exploits: 1 | References: 2
NVD
added 2026/03/09 9:16 p.m. | 6 views

CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 added in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...

CVSS 9.8 | EPSS 0.00437
Exploits: 1 | References: 4