7316 matches found

Veracode, added 2026/02/23 7:51 a.m.

Arbitrary File Upload

httparty is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper request validation, which allows an attacker to manipulate requests and access internal services or expose sensitive data such as API keys...

CVSS 10 | AI score 5.9 | EPSS 0.00504
Exploits 0 | References 4 | Affected software 1

Veracode, added 2026/02/23 7:51 a.m.

Server-Side Request Forgery (SSRF)

Cowrie is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the wget and curl emulation making real outbound HTTP requests without rate limiting, which allows an attacker to repeatedly trigger requests and abuse the honeypot to generate denial-of-service traffic toward...

CVSS 7.5 | AI score 6 | EPSS 0.00616
Exploits 1 | References 6 | Affected software 1

CNNVD, added 2026/02/23 12:00 a.m.

Tiandy Video Surveillance System code issue vulnerability

Tiandy Video Surveillance System is a video monitoring system developed by Tiandy Company in China. Version 7.17.0 of Tiandy Video Surveillance System has a code vulnerability. This vulnerability stems from improper handling of the parameter urlPath in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00297
Exploits 0 | References 4

Positive Technologies, added 2026/02/23 12:00 a.m.

PT-2026-21514

A security flaw has been discovered in Tiandy Video Surveillance System (视频监控平台, "video surveillance platform") 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

CVSS 6.5 | AI score 5.2 | EPSS 0.00297
Exploits 0 | References 5

Tenable Nessus, added 2026/02/23 12:00 a.m.

OpenClaw < 2026.2.14 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.14. It is, therefore, affected by multiple vulnerabilities, including: - A command injection in the maintainer clawtributors updater script allowed arbitrary command execution via crafted git commit author...

CVSS 8.8 | AI score 6.4 | EPSS 0.01709
Exploits 0 | References 22

CNNVD, added 2026/02/23 12:00 a.m.

JeeWMS code issue vulnerability

JeeWMS is a Java-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor's file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...

CVSS 7.5 | AI score 7.2 | EPSS 0.00351
Exploits 1 | References 4

OSV, added 2026/02/22 1:16 p.m.

CVE-2026-2945

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...

CVSS 6.5 | AI score 5.5
Exploits 0 | References 4

CVE, added 2026/02/22 1:02 p.m.

CVE-2026-2945

CVE-2026-2945 concerns JeecgBoot 3.9.0, where an unknown functionality in the file path /sys/common/uploadImgByHttp is susceptible. Manipulating the argument fileUrl can trigger a server-side request forgery (SSRF), with remote exploitation reported. Public exploit availability is indicated, and ...

CVSS 6.5 | AI score 6.3 | EPSS 0.0025
Exploits 1 | References 4 | Affected software 1

ATTACKERKB, added 2026/02/22 1:02 p.m.

CVE-2026-2945

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...

CVSS 6.5 | AI score 6.2 | EPSS 0.0025
Exploits 1 | References 4

Vulnrichment, added 2026/02/22 1:02 p.m.

CVE-2026-2945 JeecgBoot uploadImgByHttp server-side request forgery

A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely. The exploit has bee...

CVSS 6.5 | AI score 5.2 | EPSS 0.0025
Exploits 1 | References 4

Positive Technologies, added 2026/02/22 12:00 a.m.

PT-2026-21430

Name of the Vulnerable Software and Affected Versions: JeecgBoot version 3.9.0. Description: A server-side request forgery condition exists in JeecgBoot 3.9.0. This issue is related to the file /sys/common/uploadImgByHttp. Manipulation of the fileUrl argument can lead to server-side request forgery...

CVSS 6.5 | AI score 6.2 | EPSS 0.0025
Exploits 1 | References 7

CNNVD, added 2026/02/22 12:00 a.m.

JeecgBoot code issue vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a code vulnerability that stems from incorrect handling of the parameter fileUrl in the file /sys/common/uploadImgByHttp. This vulnerability could le...

CVSS 6.5 | AI score 6.7 | EPSS 0.0025
Exploits 1 | References 5

CVE, added 2026/02/21 9:49 a.m.

CVE-2026-27488

OpenClaw contains an SSRF-related issue in Cron webhook delivery. In versions up to 2026.2.17, the fetch() call in src/gateway/server-cron.ts allowed webhook targets to reach private/metadata/internal endpoints without SSRF policy checks. The issue was fixed in version 2026.2.19; upgrading to 2026...

CVSS 7.3 | AI score 5.4 | EPSS 0.00327
Exploits 0 | References 3 | Affected software 1

Vulnrichment, added 2026/02/21 9:49 a.m.

CVE-2026-27488 OpenClaw hardened cron webhook delivery against SSRF

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19...

CVSS 6.9 | AI score 5.3 | EPSS 0.00327
Exploits 0 | References 3

NVD, added 2026/02/21 9:15 a.m.

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 | EPSS 0.00307
Exploits 1 | References 3

Cvelist, added 2026/02/21 8:15 a.m.

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 | EPSS 0.00307
Exploits 1 | References 3

ATTACKERKB, added 2026/02/21 8:15 a.m.

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 | AI score 5.6 | EPSS 0.00307
Exploits 1 | References 4 | Affected software 1

Vulnrichment, added 2026/02/21 8:15 a.m.

CVE-2026-27479 Wallos: SSRF via Redirect Bypass in Logo/Icon URL Fetch

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVSS 7.7 | AI score 5.5 | EPSS 0.00307
Exploits 1 | References 3

Veracode, added 2026/02/21 5:07 a.m.

Server-Side Request Forgery

Indico is vulnerable to Server-Side Request Forgery. The vulnerability is due to Indico making outgoing requests to user-provided URLs in various places, where users can access special targets such as localhost or cloud metadata endpoints, and attackers can exploit this to access sensitive data...

CVSS 6.9 | AI score 5.7 | EPSS 0.00189
Exploits 0 | References 3 | Affected software 1
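The JeecgBoot uploadImgByHttp, OpenClaw cron webhook, Wallos logo/icon and Indico entries above share one mechanism: the application fetches a URL the user supplied, and either never checks where that URL points, or checks it only once and then lets an HTTP redirect carry the request to 127.0.0.1 or the cloud metadata address (the Wallos "SSRF via Redirect Bypass" entry describes exactly that). The following is an added example, not code from any of those projects, of the vulnerable pattern beside a fetcher that re-validates the resolved address on every hop. DNS and HTTP are simulated with constructed tables (FAKE_DNS, FAKE_HTTP, the .example.test hostnames) so it runs offline; the block list, the rebinding check and the pinned-IP parameter are design choices of this example, not anything the advisories prescribe.

```python
# Added example (not Wallos/OpenClaw/JeecgBoot/Indico code): fetch a user
# supplied URL while re-validating the destination on every redirect hop.
# DNS and HTTP are simulated with constructed tables so it runs offline.
import ipaddress
from urllib.parse import urljoin, urlparse

# Ranges a logo/image/webhook fetcher must never reach. Listed explicitly rather
# than via ipaddress.is_private; 169.254.0.0/16 covers 169.254.169.254 (metadata).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

class SSRFBlocked(Exception):
    pass

def is_blocked_ip(ip_str):
    ip = ipaddress.ip_address(ip_str)
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to mapped addresses too.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

# Constructed DNS table standing in for socket.getaddrinfo. 203.0.113.10 is a
# documentation address used here as a stand-in for a public server.
FAKE_DNS = {
    "logos.example.test": ["203.0.113.10"],
    "localhost": ["127.0.0.1", "::1"],
    "rebind.example.test": ["203.0.113.10", "10.0.0.5"],  # public + internal
}

def resolve(host):
    """All addresses for host; IP literals (incl. bracketed IPv6) map to themselves."""
    try:
        return [str(ipaddress.ip_address(host.strip("[]")))]
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise SSRFBlocked("cannot resolve %s" % host)
    return FAKE_DNS[host]

def validate_url(url):
    """Return the single IP the request may go to, or raise SSRFBlocked."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        raise SSRFBlocked("scheme not allowed: %r" % p.scheme)
    if not p.hostname:
        raise SSRFBlocked("missing host")
    addrs = resolve(p.hostname)
    for a in addrs:  # any internal answer rejects the name (rebinding/round-robin)
        if is_blocked_ip(a):
            raise SSRFBlocked("%s resolves to blocked address %s" % (p.hostname, a))
    return addrs[0]

# Constructed HTTP table: url -> (status, headers, body). Stands in for one
# request made with automatic redirect following disabled.
FAKE_HTTP = {
    "https://logos.example.test/logo.png":
        (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "https://logos.example.test/hop": (301, {"Location": "/real.png"}, b""),
    "https://logos.example.test/real.png": (200, {}, b"\x89PNG\r\n"),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"ami-id\niam/\n"),
}

def request_once(url, pinned_ip):
    # A real client connects to pinned_ip and sends Host/SNI for the name, so
    # the address that was checked is the address that is used.
    if url not in FAKE_HTTP:
        raise SSRFBlocked("no route to %s" % url)
    return FAKE_HTTP[url]

def naive_fetch(url, max_redirects=3):
    """Vulnerable pattern: validate once, then let redirects go anywhere."""
    validate_url(url)
    for _ in range(max_redirects + 1):
        status, headers, body = request_once(url, pinned_ip=None)
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise SSRFBlocked("too many redirects")

def safe_fetch(url, max_redirects=3):
    """Hardened: re-validate the target before every hop, redirects included."""
    for _ in range(max_redirects + 1):
        pinned = validate_url(url)
        status, headers, body = request_once(url, pinned)
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise SSRFBlocked("too many redirects")

def outcome(fetcher, url):
    """Body on success, or 'BLOCKED: reason' when the guard refuses."""
    try:
        return fetcher(url)
    except SSRFBlocked as e:
        return "BLOCKED: %s" % e
```

Running outcome(naive_fetch, "https://logos.example.test/logo.png") returns the metadata body because the only check happened before the 302; outcome(safe_fetch, ...) on the same URL returns a BLOCKED string, while the relative redirect at /hop still resolves to the PNG. With a real client the equivalent of request_once is a single request with automatic redirects turned off (for example allow_redirects=False in requests, or redirect: "manual" in fetch), connecting to the pinned address rather than re-resolving the name.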
RedhatCVE, added 2026/02/21 1:30 a.m.

CVE-2025-8055

Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows server-side request forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

CVSS 5.3 | AI score 5.5 | EPSS 0.00163
Exploits 0 | References 1