EUVD-2026-11051

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

EUVD-2026-11054

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVE-2026-21294

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

PT-2026-24558

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

PT-2026-24679

CVE-2025-70027 An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive informati… https://t.co/0CdAjHLKpo...

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

GHSA-7R34-79R5-RCC9 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

EUVD-2026-10690

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-10451

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...

EUVD-2026-10450

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...

CVE-2026-26118

Server-side request forgery ssrf in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVE-2026-26121

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-26118

Server-side request forgery ssrf in Azure MCP Server allows an authorized attacker to elevate privileges over a network...

CVE-2026-26121

Server-side request forgery ssrf in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.3 Vulnerability Details CVEID:CVE-2025-13213 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to...

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 CVSS score: 7.5 - A server-side request forgery...

CVE-2026-24316

CVE-2026-24316 describes a Server-Side Request Forgery in SAP NetWeaver Application Server for ABAP. An ABAP Report used for testing can send HTTP requests to arbitrary internal or external endpoints, enabling interaction with potentially sensitive internal endpoints. The documented impact is low...

PT-2026-24328

Name of the Vulnerable Software and Affected Versions Azure MCP Server affected versions not specified Description An authorized attacker can exploit a server-side request forgery SSRF condition in Azure MCP Server to gain elevated privileges on a network. SSRF occurs when an application makes...