PT-2026-21371

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the cron webhook delivery process. An attacker can access internal or private network resources by specifying malicious webhook...

CVE-2026-25738

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

CVE-2025-69299 WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through = 6.0.8...

CVE-2025-69299 WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through = 6.0.8...

CVE-2025-69299

CVE-2025-69299 (WordPress Oxygen theme

CVE-2026-2711

A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

WordPress plugin Oxygen 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-26957

...

CVE-2026-26324

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 which is 127.0.0.1. This could allow requests that should be blocked loopback / private network / link-local metada...

CVE-2025-8055

Server-Side Request Forgery SSRF vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

CVE-2025-8055 SSRF vulnerability have been discovered in OpenText™ XM Fax

Server-Side Request Forgery SSRF vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

CVE-2025-8055

OpenText XM Fax is affected by a Server-Side Request Forgery (SSRF) in version 24.2. The vulnerability permits blind SSRF to other systems reachable from the XM Fax server. The linked documents confirm the issue and affected product/version but do not provide exploitation details or a remediation...

CVE-2026-26286

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery SSRF vulnerability in the asset download endpoint allow...

CVE-2026-26286 SillyTavern has Server-Side Request Forgery (SSRF) via Asset Download Endpoint that Allows Reading Internal Services

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery SSRF vulnerability in the asset download endpoint allow...

UBUNTU-CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...