MiracleLinux 8 : idm:DL1 (AXSA:2025-11169:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11169:01 advisory. python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088) python-kdcproxy: Remote DoS via unbounded TCP upstream buffering...
MiracleLinux 9 : python-kdcproxy-1.0.0-9.el9_7 (AXSA:2025-11449:02)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11449:02 advisory. python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088) python-kdcproxy: Remote DoS via unbounded TCP upstream buffering...
PT-2026-2757
CVE-2026-20958 Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. https://t.co/27qwZPmRNM...
CVE-2026-22772
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...
CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...
GO-2026-4287 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app
Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources in miniflux.app...
GO-2026-4284 Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit...
CVE-2025-13393
CVE-2025-13393 (FIFU SSRF): The WordPress Featured Image from URL (FIFU) plugin (versions ≤ 5.3.1) is vulnerable to Server-Side Request Forgery via the FIFU input URL parameter in the FIFU Elementor widget. Exploitation requires authenticated access at Contributor level or higher and Elementor p...
CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url'
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
EUVD-2026-1844
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2026-21885
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...
CVE-2026-22597
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
EUVD-2026-1427
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
Ghost code issue vulnerability
Ghost is a hosting service of Ghost Open Source. A code issue vulnerability exists in Ghost versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's media inlining mechanism that could lead to data exfiltration from internal systems via a server-side request...
PT-2026-1702
Name of the Vulnerable Software and Affected Versions: Featured Image from URL (FIFU) plugin for WordPress versions up to and including 5.3.1. Description: The software contains a Server-Side Request Forgery issue due to inadequate validation of user-supplied URLs before they are passed to the...
CVE-2023-25195
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
CVE-2021-41403
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities...
CVE-2022-38292
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php...