CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

CVE-2026-25765

CVE-2026-25765 affects Faraday (an HTTP client abstraction). The vulnerability arises in build_exclusive_url (lib/faraday/connection.rb) which uses URI#merge; protocol-relative URLs (e.g., //evil.com/…) override the base URL’s host, enabling potential SSRF if user-controlled input is passed to ge...

CVE-2026-0632

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVE-2026-25904

The CVE-2026-25904 entry concerns Pydantic-AI MCP Run Python tool configuring the Deno sandbox in a way that allows the underlying Python code to access the host’s localhost interface, enabling SSRF. Affected component: the Deno sandbox configuration used by mcp-run-python (Pydantic-AI MCP Run Py...

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

CVE-2026-25580

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...

CVE-2026-25580 Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources,...

PT-2026-6846

Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

Linux Distros Unpatched Vulnerability : CVE-2025-68157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin enforces...

CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

WordPress JSM file_get_contents() Shortcode plugin < 2.7.1 - Contributor+ SSRF vulnerability

Contributor+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin JSM filegetcontents Shortcode versions 2.7.1...

CVE-2026-1294

The CVE-2026-1294 issue affects the WordPress plugin All In One Image Viewer Block, version

CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

Server-Side Request Forgery (SSRF)

Apache HTTP Server is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of encoded and merged slashes when AllowEncodedSlashes is enabled and MergeSlashes is disabled on Windows, which allows an attacker to exploit crafted requests or malicious content ...

CVE-2026-25511

Group-Office is vulnerable to SSRF and file read through the WOPI service discovery URL. An authenticated user in the System Administrator group can trigger SSRF to access internal hosts/ports, with the SSRF response exfiltrated via the built-in debug system, effectively enabling full server-side...

CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...