Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-7798 FluentCRM <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery via 'SubscribeURL' Parameter

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

GHSA-3R75-XC34-5F44 Crawlee for Python: SSRF via sitemap-derived URLs

Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/utils/sitemap.py, src/crawlee/utils/robots.py, src/crawlee/requestloaders/sitemaprequestloader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points to an...

CVE-2026-43879

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. Wh...

Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF generate function

Summary Blind server side request forgery SSRF via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Ope...

CVE-2026-39383 Gotenberg unauthenticated blind SSRF via unfiltered webhook URL

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

GHSA-8GW4-P4WQ-4HCV Incus has Blind SSRF via Image Import Preflight HEAD

Summary A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints. The actual image download will be rejected by the project restriction, but the ability to trigger...

CVE-2026-41461

CVE-2026-41461 affects SocialEngine ≤ 7.8.0. A blind SSRF exists in the /core/link/preview endpoint where input passed through the uri parameter is not sanitized when constructing outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs, including internal or loopback addr...

EUVD-2026-25110

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-34225

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

PT-2026-32582

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...

EUVD-2026-21649

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...

EUVD-2026-18823

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

CVE-2026-33081

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL function only checks the initial user-supplied URL, but the embedded Chromium browser can...

CVE-2026-33081 PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL function only checks the initial user-supplied URL, but the embedded Chromium browser can...