CVE-2026-48858

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

Server-side Request Forgery (SSRF)

Overview org.springframework.ws:spring-ws-core is a product of the Spring community focused on creating document-driven Web services. Spring Web Services aims to facilitate contract-first SOAP service development, allowing for the creation of flexible web services using one of the many ways to...

CVE-2026-45503

Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVE-2026-45504

CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server . The entry notes an attacker who is authorized can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...

CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

PT-2026-47973

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Server-side Request Forgery CVE-2026-1180

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1180 DESCRIPTION: A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjw...

CVE-2026-11424

A server-side request forgery SSRF vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVE-2026-7150

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

CVE-2025-59809

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

CVE-2026-9813

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

CVE-2026-34207

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

CVE-2026-41055

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVE-2026-42595

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

CVE-2026-2393

A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

CVE-2026-2264

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...