7295 matches found
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163---Maltrail-0.53---RCE...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163---SSRF-Baskets-Reques...
CVE-2025-46651
Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain...
CVE-2026-24961
CVE-2026-24961 is a Server-Side Request Forgery (SSRF) affecting ThemeGoods WordPress Grand Blog theme (Grand Blog) versions prior to 3.1.5, where the grandblog component is vulnerable. The root cause is SSRF in Grand Blog prior to 3.1.5, enabling an attacker to trigger requests from the server. ...
CVE-2026-24961 WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...
EUVD-2026-5223
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...
PT-2026-6514
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit...
PT-2026-6226
Name of the Vulnerable Software and Affected Versions: Grand Blog versions prior to 3.1.5. Description: A Server-Side Request Forgery (SSRF) issue exists in ThemeGoods Grand Blog. This allows for Server Side Request Forgery. Recommendations: Update Grand Blog to version 3.1.5 or later...
PT-2026-6516
SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel...
Tiny File Manager Security Vulnerability
Tiny File Manager is a web-based open-source file manager developed by Prasath Mani. Versions of Tiny File Manager 2.6 and earlier had security vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the URL upload function, which could lead to server-side request...
CVE-2025-46651
CVE-2025-46651 affects Tiny File Manager up to version 2.6, where a server-side request forgery (SSRF) exists in the URL upload feature due to insufficient validation of user-supplied URLs. An attacker can craft requests to localhost (e.g., via domains like http://www.127.0.0.1.example.com/), pot...
Server-side Request Forgery (SSRF)
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of the backchannelclientnotificationendpoint,...
CVE-2026-1518
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services. Mitigation: To mitigate this issue, restrict administrative access to Keycloak instances. Ensure that only...
CVE-2026-1518 Keycloak: blind server-side request forgery (SSRF) via CIBA backchannel notification endpoint in Keycloak
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview: Nexus Repository provided by Sonatype contains the following vulnerability: server-side request forgery (CWE-918), CVE-2026-0600. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
WordPress Featured Image from URL (FIFU) plugin <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' vulnerability
Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Featured Image from URL versions <= 5.3.1...
CVE-2026-24902
TrustTunnel is an open-source VPN protocol with a server-side request forgery and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...