7314 matches found
GHSA-WGM6-9RVV-3438 Withdrawn Advisory: Libredesk has a SSRF Vulnerability in Webhooks
Reconsidered - Working as designed. Update 2026-05-28 Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full...
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Summary The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery SSRF in affected deployments. Impact This only affects deployments that have installed and configured t...
CVE-2026-22048
StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...
PT-2026-20288
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the get items function of the GetResponse REST API handler. The endpoint's...
WordPress plugin Gutenberg Blocks with AI by Kadence WP Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-23551
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The optional Tlon Urbit extension does not properly validate user-provided base URLs for authentication, leading to a server-side request forgery SSRF. This allows attackers who can influence th...
GitLab Server-Side Request Forgery (SSRF) Vulnerability
GitLab contains a server-side request forgery SSRF vulnerability when requests to the internal network for webhooks are enabled...
PT-2026-20373
Name of the Vulnerable Software and Affected Versions Libredesk versions prior to 1.0.2-0.20260215211005-727213631ce6 Description Libredesk, a self-hosted customer support desk application, is susceptible to a Server-Side Request Forgery SSRF issue in its Webhooks module. An authenticated...
OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
Summary OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as 0:0:0:0:0:ffff:7f00:1 which is 127.0.0.1. This could allow requests that should be blocked loopback / private network / link-local metadata to pass the SSRF guard. - Vulnerable component: SSRF...
GHSA-WFP2-V9C7-FH79 OpenClaw affected by SSRF via attachment/media URL hydration
Summary Versions of the openclaw npm package prior to 2026.2.2 could be coerced into fetching arbitrary https URLs during attachment/media hydration. An attacker who can influence the media URL for example via model-controlled sendAttachment or auto-reply media URLs could trigger SSRF to internal...
CVE-2025-36243 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Server-side Request Forgery (SSRF)
Overview cisco-ai-skill-scanner is a Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to its APIs binding to 0.0.0.0. If the API server is enabled, ...
Server-side Request Forgery (SSRF)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...
GHSA-F47C-3C5W-V7P4 Indico has Server-Side Request Forgery (SSRF) in multiple places
Impact Indico makes outgoing requests to user-provided URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should update to Indic...
CVE-2026-2531
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clearfilename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...
CVE-2026-2532
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...