EUVD-2021-34813

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

CVE-2021-47958 CouchCMS 2.2.1 Server-Side Request Forgery via SVG upload

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...

GHSA-RPJ4-7X2V-WJRF Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

CVE-2026-42281

A flaw was found in MagicMirror². An unauthenticated remote attacker can exploit a Server-Side Request Forgery SSRF vulnerability, which allows a server to be tricked into making requests to an unintended location, in the /cors endpoint. This enables the attacker to force the MagicMirror² server ...

EUVD-2026-30548

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...

Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)

The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...

CouchCMS 代码问题漏洞

CouchCMS is an open-source content management system CMS designed for designers. Version 2.2.1 of CouchCMS has a code vulnerability caused by server-side request forgeing issues. This vulnerability could allow authenticated attackers to initiate arbitrary HTTP requests by uploading malicious SVG...

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

Server-side Request Forgery (SSRF)

Overview @utcp/http is a HTTP utilities for UTCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OpenApiConverter process. An attacker can access internal network resources and sensitive metadata endpoints by supplying a malicious OpenAPI specification...

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

Server-side Request Forgery (SSRF)

Overview deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchurl process. An attacker can gain unauthorized access to internal resources by supplying ...

GHSA-88GH-2526-GFRR DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

GHSA-RH5X-H6PP-CJJ6 Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958)

Server-Side Request Forgery SSRF Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints Summary The validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync...

GHSA-8W7Q-Q5JP-JVGX Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`

Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current project, URL validation is performed using the function validateurl. The current checking logic uses urlparse to parse the hostname part ...

Server-side Request Forgery (SSRF)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the pdf generate process. An attacker can cause the server to initiate arbitrary outbound HTTP requests by injecting crafted HTML, such as an tag, into user-controllable...

GHSA-F776-FP4W-266C Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

Summary Blind server side request forgery SSRF via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Ope...

Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Summary A Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture claims without applying validateurl, allowing an attacker to force the server to make HTTP requests to interna...