PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

PT-2026-38290

Name of the Vulnerable Software and Affected Versions dssrf versions prior to 1.3.0 Description A flaw in the library allows attackers to bypass Server-Side Request Forgery SSRF protections by using various IPv6 address categories. This occurs because the is url safe function fails to properly...

PT-2026-38265

Name of the Vulnerable Software and Affected Versions New API versions 0.11.9-alpha.1 and earlier Description New API, a large language model LLM gateway and artificial intelligence AI asset management system, contains a Server-Side Request Forgery SSRF flaw. This issue occurs due to insufficient...

RHCOS 4 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

RHCOS 4 : OpenShift Container Platform 4.3.25 openshift (RHSA-2020:2440)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2440 advisory. - kubernetes: Server side request forgery SSRF in kube-controller-manager allows users to leak secret information CVE-2020-8555 Note that...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL process. An attacker can access sensitive internal resources and exfiltrate data by supplying a crafted URL...

AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

EUVD-2025-22851

ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid...

CVE-2026-35527

Incus (pre-7.0.0) is vulnerable to a blind SSRF via image import preflight HEAD requests. An authenticated user can coerce the daemon to issue a host-originated HEAD request to a user-supplied URL before policy checks complete, exposing server metadata in headers (Incus-Server-Architectures, Incu...

requests-hardened is Vulnerable to Server-Side Request Forgery

The SSRF protection in requests-hardened prior to version 1.2.1 fails to block IP addresses within the RFC 6598 Shared Address Space 100.64.0.0/10. An attacker who can supply arbitrary URLs to requests-hardened could exploit this gap to access internal services hosted within 100.64.0.0/10. This i...

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the tabs/action endpoint in browser tab action routes. An attacker can gain unauthorized access to restricted resources by sending crafted requests that bypass...

CVE-2026-43573

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

CVE-2026-43527

OpenClaw is affected by CVE-2026-43527: before 2026.4.14, a server-side request forgery in the browser SSRF policy allows private-network navigation by default, enabling browser-driven requests to internal services or metadata endpoints. Impact is confined to what the vendor notes; exploitability...

SUSE CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

NPM: Axios: no_proxy bypass via IP alias allows SSRF

NPM: Axios: noproxy bypass via IP alias allows SSRF vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

PT-2026-37258

Name of the Vulnerable Software and Affected Versions MagicMirror² versions prior to 2.36.0 Description An unauthenticated Server-Side Request Forgery SSRF exists in the '/cors' endpoint, which acts as an open HTTP proxy without authentication or URL validation. This allows remote attackers to...

PT-2026-36758

Name of the Vulnerable Software and Affected Versions pixelsock directus-mcp version 1.0.0 Description A flaw in the MCP Interface component allows for server-side request forgery SSRF, a condition where an attacker can induce the server to make requests to an unintended location. This occurs...

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 1.7.1057. The root cause is insufficient validation of user-supplied URLs in render_csv_data(), which can be bypassed by including docs.google.com/spreadsheets in a query paramete...

CVE-2026-7049

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...