9226 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...
CVE-2025-9522 Blind Server-Side Request Forgery (SSRF) in Omada Controller
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...
CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...
CVE-2026-24548
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.91...
PT-2026-4392
Name of the Vulnerable Software and Affected Versions: Prince Radio Player versions through 2.0.91. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in Prince Radio Player. This issue allows for Server Side Request Forgery. Recommendations: Update to a version later than 2.0.91...
CVE-2026-24117 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...
EUVD-2026-3808
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL...
CVE-2026-24360
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1...
CVE-2025-62741
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery. This issue affects Pool Services: from n/a through <= 3.3...
CVE-2025-56589
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...
CVE-2026-24381
CVE-2026-24381 is an SSRF in PhotoMe photome (WordPress theme/plugin) affecting PhotoMe versions before 5.7.2. Public disclosures in multiple feeds confirm an unauthenticated SSRF; Red Hat, CIRCL, NVD, and Wordfence reference this entry. The issue targets the PhotoMe photome component; remediation...
CVE-2026-22482
CVE-2026-22482 describes a Server-Side Request Forgery (SSRF) in the IMGspider WordPress plugin (IMGspider/imgspider) affecting versions up to 2.3.12. Connected sources (Red Hat, CIRCL, NVD/CVE records) confirm this as an authenticated SSRF vulnerability in IMGspider, with no public patch details...
CVE-2026-22482 WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery. This issue affects IMGspider: from n/a through <= 2.3.12...
CVE-2026-22358
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery. This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6...
CVE-2025-67961
CVE-2025-67961 : SSRF in the WordPress WPO365 plugin’s wpo365-login component (affecting WPO365 v1.x through = 40.0) or apply vendor-provided patch; refer to Patchstack/RedHat/CVE records for the exact patched version. If patch not yet applied in environments, monitor for updates and apply once a...
CVE-2025-64252 WordPress ANAC XML Viewer plugin <= 1.8.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery. This issue affects ANAC XML Viewer: from n/a through <= 1.8.2...
PT-2026-3989
Name of the Vulnerable Software and Affected Versions: Apryse HTML2PDF SDK versions through 11.6.0. Description: A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) issue exists in the InsertFromHtmlString function. These issues could allow an attacker to read local files on the server...
WordPress plugin PhotoMe has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Seriously Simple Podcasting has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...