RedhatCVE
added 4 days ago, 6 views

CVE-2026-2393

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...

CVSS 7.1, AI score 7.3, EPSS 0.00034
Exploits: 1, References: 1
CVE
added 2026/05/19 12:00 a.m., 11 views

CVE-2026-30118

CVE-2026-30118 affects scalar/astro v0.1.13. The vulnerability is a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. Unauthenticated attackers can coerce the backend to perform HTTP requests to attacker-controlled URLs, leading to exposure of auth...

CVSS 9.8, AI score 5.8, EPSS 0.0008
Exploits: 0, References: 1
Github Security Blog
added 2026/05/14 6:26 p.m., 18 views

Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

Summary: ApostropheCMS contains an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/03/10 12:00 a.m., 3 views

MCP Atlassian code issue vulnerability

MCP Atlassian is an MCP server developed by Hyeonsoo Lee, which connects AI assistants with project management tools. Versions of MCP Atlassian prior to 0.17.0 contained code vulnerabilities. These vulnerabilities stemmed from defects in the HTTP middleware and dependency injection layer,...

CVSS 8.2, AI score 6.1, EPSS 0.00088
Exploits: 1, References: 2
Vulnrichment
added 2026/02/20 11:58 p.m., 2 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

CVSS 7.1, AI score 5.3, EPSS 0.00068
Exploits: 0, References: 2
Cvelist
added 2026/02/20 11:58 p.m., 21 views

CVE-2026-27170 OpenSift: SSRF risk in URL ingestion endpoint

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. Potential access/probing of private/local...

CVSS 7.1, EPSS 0.00068
Exploits: 0, References: 2
OSV
added 2026/01/09 8:15 a.m., 2 views

UBUNTU-CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVSS 8.8, AI score 6.1, EPSS 0.00103
Exploits: 0, References: 2
Veracode
added 2026/01/07 8:00 a.m., 4 views

Remote Code Execution (RCE)

Signal K Server is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized npm version specifiers in the appstore install API, where attacker-controlled URLs or git sources can be passed to npm, allowing execution of malicious postinstall scripts when an administrator...

CVSS 8.6, AI score 7.2, EPSS 0.0005
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2025/10/29 6:30 p.m., 2 views

EUVD-2025-36688

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpoint performs a server-side GET to a...

CVSS 5.8, AI score 6.5, EPSS 0.00053
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-4215

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00311
Exploits: 0, References: 5
Veracode
added 2025/06/04 11:23 a.m., 4 views

Server-Side Request Forgery (SSRF)

mcp-markdownify-server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation: the Markdownify.get function allows attacker-controlled URLs to be fetched and their responses read via conversion tools like webpage-to-markdown,...

CVSS 8.2, AI score 6.7, EPSS 0.00209
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2025/06/03 4:48 a.m., 2 views

Arbitrary Command Execution

github.com/cli/go-gh is vulnerable to arbitrary command execution. The vulnerability is due to unsafe handling of GitHub-provided URLs, allowing an attacker-controlled GitHub Enterprise Server to replace HTTP URLs with local file paths that could be executed on the user's machine...

CVSS 9.8, AI score 6.3, EPSS 0.00398
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/05/29 6:31 a.m., 2 views

GHSA-FRQ9-3HP2-XVXG Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function

All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to...

CVSS 8.2, AI score 6.9, EPSS 0.00209
Exploits: 0, References: 5
GithubExploit
added 2025/01/23 3:38 a.m., 570 views

Exploit for CVE-2024-46982

Next.js Cache Poisoning Exploit. This tool automates the detec...

CVSS 7.5, AI score 6.6, EPSS 0.49062
Exploits: 3
Hacker One
added 2021/05/14 1:23 p.m., 21 views

New Relic: GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled

New Relic's integration of GitHub repos had an implicit assumption that URLs for repos would not need to be sanitized. The researcher demonstrated that an attacker can return a manually configured html_url value from an attacker-controlled server emulating the GitHub API. A victim would need to...

AI score 6
Exploits: 0