7294 matches found
📄 ZITADEL 4.7.0 Server-Side Request Forgery
This is a ZITADEL version 4.7.0 server-side request forgery proof of concept exploit written in PHP. ============================================================================================================================================= | Title : ZITADEL 4.7.0 SSRF Exploit - PHP Version | |...
PT-2026-4515
Name of the Vulnerable Software and Affected Versions YetiShare File Hosting Script version 5.1.0 Description The software contains a server-side request forgery condition that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url...
FOG code issues and vulnerabilities
FOG is an open-source computer cloning and management system developed by the FOG Project. Versions of FOG 1.5.10.1754 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unvalidated server-side request forgery in the getversion.php script, which could lead to the...
Linux Distros Unpatched Vulnerability : CVE-2026-24117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/v1/index/retrieve endpoint. An attacker can scan internal network resources by sending GET requests to retrieve a public key. Since only GET requests are allowed for this endpoint, it is not...
AZL-76608 CVE-2026-24117 affecting package skopeo 1.14.4-8
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...
UBUNTU-CVE-2026-24117
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...
CVE-2026-24117 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...
GHSA-4C4X-JM2X-PF9J Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...
CVE-2025-64252
Server-Side Request Forgery SSRF vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through = 1.8.2...
CVE-2025-56589
A Local File Inclusion LFI and a Server-Side Request Forgery SSRF vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...
CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.14.1...
CVE-2026-24360
CVE-2026-24360 is an SSRF vulnerability in the WordPress plugin Seriously Simple Podcasting (formerly named Seriously Simple Podcasting by Craig Hewitt). Public data confirms this affects Seriously Simple Podcasting versions from n/a up to and including 3.14.1. The CVSS v3.1 score is 4.6 (Medium)...
CVE-2026-22482
Server-Side Request Forgery SSRF vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through = 2.3.12...
CVE-2026-22358 WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through = 5.6...
CVE-2026-22358
CVE-2026-22358 is a Server-Side Request Forgery (SSRF) vulnerability affecting the WordPress theme “Electrician - Electrical Service WordPress Theme” (Electrician plugin/theme). Multiple trusted sources (Red Hat RH:CVE-2026-22358, NVD/NVD clone, EUVD) describe an SSRF condition that could enable ...