Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross site scripting XSS and server-side request forgery SSRF vulnerabilities. Please refer to the table in the Related Information section for...

Server-side Request Forgery (SSRF)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createSite function. An attacker can access internal network resources and read arbitrary files by supplying crafted URLs or file paths to the...

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

PT-2026-41952

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the webhook url parameter in the file scan endpoint POST /v1/iac/iacVersion/cloud/local/file/scan when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook url...

CVE-2026-30118

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...

PT-2026-41846

Server-Side Request Forgery SSRF vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

EUVD-2026-30948

scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL processing in the OAuth2 dynamic client registration process. An attacker can access internal network resources or sensitive information by supplying malicious URLs to be fetched by t...

Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...

CVE-2026-8725

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has be...

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2026-44578 — Next.js WebSocket Upgrade SSRF Pre-authentic...

Server-Side Request Forgery

esm.sh is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation in the /https fetch route, where localhost and internal network protections rely on hostname string checks that can be bypassed using DNS alias domains, allowing attackers to induce...

Server-Side Request Forgery (SSRF)

github.com/centrifugal/centrifug is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of dynamic JWKS endpoint template variables, which allows an unauthenticated attacker to craft a malicious JWT with manipulated iss or aud claims to force Centrifugo t...

Server-Side Request Forgery (SSRF)

n8n-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied through the x-n8n-url header in multi-tenant HTTP mode, which allows an authenticated attacker to send...

EUVD-2026-30648

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

CVE-2026-45331

CVE-2026-45331 concerns Open WebUI’s validate_url() in backend/open_webui/retrieval/web/utils.py, where a call to validators.ipv6(ip, private=True) raises a ValidationError due to the library not implementing the private keyword for IPv6. This causes IPv6 addresses to bypass the intended filter, ...

Server-side Request Forgery (SSRF)

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the req function. An attacker can access internal services and sensitive cloud metadata by leveraging HTTP redirects through an attacker-controlled server,...

Server-side Request Forgery (SSRF)

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processUrlFile function. An attacker can access internal network resources and sensitive cloud metadata by supplying crafted URLs that target internal or...