7316 matches found

Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20581

Name of the Vulnerable Software and Affected Versions: Printful Integration for WooCommerce versions up to and including 2.2.11. Description: The Printful Integration for WooCommerce plugin for WordPress is susceptible to Server-Side Request Forgery via the advanced size chart REST API endpoint...

CVSS 6.4 | AI score 5.3 | EPSS 0.00266
Exploits: 0 | References: 9
CNNVD
added 2026/02/19 12:0 a.m. | 6 views

SillyTavern code issue vulnerability

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.16.0 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the asset download endpoint, which could allow authenticated users to make...

CVSS 8.5 | AI score 6 | EPSS 0.00282
Exploits: 1 | References: 1
CNNVD
added 2026/02/19 12:0 a.m. | 6 views

WordPress plugin TS Poll security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.4 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1
CNNVD
added 2026/02/19 12:0 a.m. | 7 views

Hyland Alfresco Transformation Service security vulnerability

The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from absolute path traversal. This vulnerability could allow unauthenticated attacker...

CVSS 9.8 | AI score 5.9 | EPSS 0.00544
Exploits: 0 | References: 3
CNNVD
added 2026/02/19 12:0 a.m. | 8 views

Hyland Alfresco Transformation Service security vulnerability

The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from a server-side request forgery vulnerability present in its document processing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/19 12:0 a.m. | 6 views

PT-2026-20877

Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Transformation Service, affected versions not specified. Description: An unauthenticated attacker can perform server-side request forgery (SSRF) via the document processing functionality. SSRF occurs when an application makes reques...

CVSS 9.8 | AI score 5.2 | EPSS 0.00544
Exploits: 0 | References: 7
CNNVD
added 2026/02/19 12:0 a.m. | 5 views

OpenClaw code issue vulnerability

OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from a server-side request forgery vulnerability. The vulnerability stems from the fact that SSRF protection can be bypassed using a full-form IPv4-mapped IPv6 literal, which can be exploited by an attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-20667

Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery. This issue affects Smart Auto Upload Images: from n/a through = 1.2.2...

AI score 5.5 | EPSS 0.00245
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 5 views

PT-2026-20719

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery. This issue affects URL Shortify: from n/a through = 1.12.3...

AI score 5.5 | EPSS 0.00237
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-20851

Name of the Vulnerable Software and Affected Versions: AppSheet versions prior to 2025-11-23. Description: A Server-Side Request Forgery (SSRF) and Arbitrary File Read issue exists in AppSheet Core. An authenticated remote attacker can potentially read sensitive local files and access internal network...

CVSS 8.5 | AI score 5.3 | EPSS 0.00252
Exploits: 0 | References: 5
CNNVD
added 2026/02/19 12:0 a.m. | 6 views

WordPress plugin Extend Link security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.9 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/19 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does n...

CVSS 5.3 | AI score 6 | EPSS 0.00262
Exploits: 0 | References: 3
OSV
added 2026/02/18 9:16 p.m. | 4 views

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to access internal services bound to loopback or unspecified addresses, potentially disrupting background job processing, accessing administrative endpoints, metrics, and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 6
OSV
added 2026/02/18 5:45 p.m. | 3 views

GHSA-X22M-J5QQ-J49M OpenClaw has two SSRF via sendMediaFeishu and markdown image fetching in Feishu extension

Summary: The Feishu extension could fetch attacker-controlled remote URLs in two paths without SSRF protections:
- sendMediaFeishumediaUrl
- Feishu DocX markdown image URLs write/append - image processing
Affected versions:
- = 2026.2.14
Impact: If an attacker can influence tool calls directly or vi...

CVSS 8.6 | AI score 5.6 | EPSS 0.00275
Exploits: 0 | References: 7
GitHub Security Blog
added 2026/02/18 3:31 p.m. | 17 views

Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 9.8 | AI score 5.5 | EPSS 0.00379
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2026/02/18 3:31 p.m. | 3 views

GHSA-JXGV-6J54-WWC7 Hugging Face Smolagents has a Server-Side Request Forgery issue

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 6.3 | AI score 6.3 | EPSS 0.00379
Exploits: 1 | References: 7
NVD
added 2026/02/18 2:16 p.m. | 4 views

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 9.8 | EPSS 0.00379
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/18 1:32 p.m. | 4 views

CVE-2026-2654 huggingface smolagents LocalPythonExecutor requests.post server-side request forgery

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 6.5 | AI score 5.4 | EPSS 0.00379
Exploits: 1 | References: 5
Cvelist
added 2026/02/18 1:32 p.m. | 22 views

CVE-2026-2654 huggingface smolagents LocalPythonExecutor requests.post server-side request forgery

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

CVSS 6.5 | EPSS 0.00379
Exploits: 1 | References: 5
NVD
added 2026/02/18 7:16 a.m. | 12 views

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

CVSS 4.3 | EPSS 0.00283
Exploits: 0 | References: 4