CVE-2026-41171

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery SSRF vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions getJSON, request, etc.. An authenticate...

CVE-2026-41172 Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

Server-side Request Forgery (SSRF)

Overview flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the interpolation of unvalidated LESS config variables during CSS compilation. An attacker can access arbitrary files on the server or...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

monetr: Server-side request forgery in Lunch Flow link creation and refresh

Impact A server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream response...

USN-8199-1: OpenStack Glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

GHSA-5FGG-JCPF-8JJW i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...

CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

Squidex 代码问题漏洞

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 had code vulnerabilities. These vulnerabilities were caused by a server-side request forgeing issue, allowing users with asset upload permissions to force the server to obtain arbitrary...

PT-2026-34569

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

PT-2026-37157

Name of the Vulnerable Software and Affected Versions Flarum versions prior to 1.8.16 Flarum versions prior to 2.0.0-rc.1 Description An authenticated administrator can inject an arbitrary @import directive into the compiled forum.css file. This occurs because settings registered as LESS config...

CVE-2026-41055 AVideo has an incomplete fix for CVE-2026-33039 (SSRF)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...

CVE-2026-41055

Summary: CVE-2026-41055 (and related CVE-2026-33039) affect WWBN AVideo’s LiveLinks proxy. In versions ≤ 29.0, an incomplete fix to SSRF validation uses isSSRFSafeURL() for the initial URL but does not re-validate after DNS resolution or redirects, enabling DNS TOCTOU/ DNS rebinding between valid...

CVE-2026-5921

CVE-2026-5921 describes a server-side request forgery (SSRF) in GitHub Enterprise Server. The notebook rendering service can be reached via an open redirect chain when private mode is disabled, allowing an unauthenticated SSRF to internal services. A timing side-channel across a regex-filtered in...

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

PT-2026-34201

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...

CVE-2026-35587 Glances IP Plugin has SSRF via public_api that leads to credential leakage

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...

CVE-2026-35587

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...