
7333 matches found

Snyk
added 2026/03/04 12:27 a.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00187
Exploits: 0 | References: 2
Snyk
added 2026/03/04 12:27 a.m. | 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00187
Exploits: 0 | References: 2
Snyk
added 2026/03/04 12:27 a.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00187
Exploits: 0 | References: 2
CNNVD
added 2026/03/04 12:0 a.m. | 5 views

OpenNext for Cloudflare security vulnerability

OpenNext for Cloudflare is an open-source OpenNext adapter that allows deploying Next.js applications on Cloudflare. There is a security vulnerability in OpenNext for Cloudflare, which stems from path normalization bypasses. This vulnerability may lead to server-side request forgery and private...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00832
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/04 12:0 a.m. | 3 views

PT-2026-22856

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the /ultp/v3/starter dummy post/ and /ultp/v3/starter import content/ REST API endpoints. This makes it...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00313
Exploits: 0 | References: 7
CNNVD
added 2026/03/04 12:0 a.m. | 5 views

WordPress plugin PostX code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00313
Exploits: 0 | References: 6
Patchstack
added 2026/03/03 11:43 p.m. | 6 views

WordPress PostX plugin <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability

Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability discovered by WordFence in WordPress Plugin PostX versions <= 5.0.8...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00313
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/03/03 10:21 p.m. | 2 views

GHSA-7QF6-H84J-8FQ4 OpenClaw: Microsoft Teams media fetch paths bypass shared SSRF guard model

Impact Microsoft Teams media handling used mixed fetch paths for Graph metadata/content and attachment auth-retry flows. Some paths bypassed the shared SSRF guard model and created inconsistent host/DNS enforcement across redirect/fetch hops. Affected Packages / Versions - Package: openclaw npm -...

CVSS: 2.3 | AI score: 6
Exploits: 0 | References: 3
Snyk
added 2026/03/03 9:48 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the SSRF IP classification. An attacker can access unintended network resources by supplying IPv6 multicast addresses that bypass address classificati...

CVSS: 6.3 | AI score: 5.8
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/03 9:48 p.m. | 9 views

OpenClaw has an IPv6 multicast SSRF classifier bypass

Summary: OpenClaw's SSRF IP classifier did not treat IPv6 multicast literals (ff00::/8) as blocked/private-internal. This allowed literal multicast hosts to pass SSRF preflight checks. Impact: A bypass in address classification existed for IPv6 multicast literals. OpenClaw's network fetch/navigation...

AI score: 5.9
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/03/03 9:19 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the webfetch process when environment proxy variables are configured. An attacker can access internal or private network resources by supplying...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.00221
Exploits: 0 | References: 3
Debian
added 2026/03/03 10:30 a.m. | 6 views

[SECURITY] [DSA 6155-1] spip security update

Debian Security Advisory DSA-6155-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 03, 2026 https://www.debian.org/security/faq -...

CVSS: 9.2 | AI score: 6 | EPSS: 0.00776
Exploits: 2
NVD
added 2026/03/03 2:16 a.m. | 8 views

CVE-2026-2269

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

CVSS: 7.2 | EPSS: 0.00655
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/03 1:21 a.m. | 4 views

CVE-2026-2269 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00655
Exploits: 0 | References: 2
Cvelist
added 2026/03/03 1:21 a.m. | 53 views

CVE-2026-2269 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

CVSS: 7.2 | EPSS: 0.00655
Exploits: 0 | References: 2
EUVD
added 2026/03/03 1:21 a.m. | 7 views

EUVD-2026-9272

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00655
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/03 1:21 a.m. | 3 views

CVE-2026-2269

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00655
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/03 12:0 a.m. | 5 views

PT-2026-22846

Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability...

AI score: 5.9
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 5 views

PT-2026-22847

Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability...

AI score: 5.9
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 7 views

PT-2026-22845

Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability...

AI score: 5.9
Exploits: 0 | References: 1