1435 matches found
CVE-2026-2393
CVE-2026-2393: MLflow prior to 3.9.0 is vulnerable to SSRF via a user-controlled webhook URL. The _create_webhook() handler stores the URL without validation, and _send_webhook_request() POSTs to that URL, enabling an authenticated attacker to cause the MLflow backend to reach internal services, ...
PT-2026-39713
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync provider data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata url POST parameter. This URL is passed directly to requests.get ...
Unity Linux 20.1060e / 20.1070e Security Update: php (UTSA-2026-017575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017575 advisory. In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL...
CVE-2026-44313
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery SSRF vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal...
CVE-2026-44335
CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...
CVE-2026-41905
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...
CVE-2026-42259
Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.
EUVD-2026-28383
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...
Admidio 输入验证错误漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability related to input validation errors. This...
PT-2026-38614
Name of the Vulnerable Software and Affected Versions Cinny versions prior to 4.10.3 Description A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...
GHSA-FHQ3-2GF3-8F3J misp-modules has nsafe remote resource fetching in expansion
An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...
misp-modules has nsafe remote resource fetching in expansion
An unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allow Server-Side Request Forgery against loopback, private, or link-local network resources. Additionally...
EUVD-2026-28199
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
Duplicate Advisory: OpenClaw: QQBot direct media upload skipped URL SSRF validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c4qg-j8jg-42q5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skip...
CVE-2026-44117
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests...
CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...
PT-2026-38255
Name of the Vulnerable Software and Affected Versions Slider Revolution versions 7.0.0 through 7.0.10 Description Insufficient file type validation in the get media url and check file path functions allows authenticated attackers with subscriber-level access or higher to perform an Arbitrary File...
AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()
Summary Two endpoints in AVideo call isSSRFSafeURL to validate user-supplied URLs, then fetch them using bare filegetcontents without disabling PHP's automatic redirect following. An attacker can supply a URL pointing to a server they control that returns a 302 redirect to an...
AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass
Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...
PT-2026-37252
Name of the Vulnerable Software and Affected Versions Geyser versions prior to 2.9.3 Description A server-side request forgery SSRF exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...