7296 matches found
CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...
CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-12058 DESCRIPTION: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local...
CVE-2026-1884
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-1884 ZenTao Webhook model.php fetchHook server-side request forgery
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...
CVE-2026-25511
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...
CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...
CVE-2026-25511 Group-Office is vulnerable to SSRF and File Read in WOPI service discovery
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...
CVE-2026-24961
Server-Side Request Forgery SSRF vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through 3.1.5...
CVE-2026-22247
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
UBUNTU-CVE-2026-22247
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
EUVD-2026-5385
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
Adobe Experience Manager ≤ 6.5.23.0 – SSRF
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass id: CVE-2025-54249 info: name: Adobe Experience Manager ≤ 6.5.23.0 – SSRF author: DhiyaneshDk,assetnote severity: medium...
Memos 0.13.2 - Server-Side Request Forgery
An SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. id: CVE-2024-29030 info: name: Memos 0.13.2 - Server-Side Request Forgery author: ritikchaddha severity: medium description: | An SSRF vulnerability exists at the /api/resource tha...
CVE-2025-46651
Tiny File Manager through 2.6 contains a server-side request forgery SSRF vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...
PT-2026-6071
Name of the Vulnerable Software and Affected Versions ZenTao versions through 21.7.6-85642 Description A server-side request forgery condition exists in ZenTao. The issue is located in the fetchHook function within the module/webhook/model.php file of the Webhook Module component. This manipulati...
PT-2026-6105
Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.4 Description A GLPI administrator can perform Server-Side Request Forgery SSRF requests through the Webhook feature. This allows an attacker to potentially make requests on behalf of the server, accessing...
PT-2026-6303
Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 6.8.150 Group-Office versions prior to 25.0.82 Group-Office versions prior to 26.0.5 Description An authenticated user with System Administrator privileges can trigger a server-side request forgery SSRF through t...
GLPI 代码问题漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...