CVE-2026-35461
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...
CVE-2026-34719
CVE-2026-34719 affects Zammad. The vulnerability is a server-side request forgery (SSRF) in the webhook model. Before 7.0.1 and 6.5.4, the webhook validation only checked the URL scheme and hostname, missing proper validation for loopback and link-local addresses, enabling potential access to con...
Zammad code issue vulnerability
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained code vulnerabilities. These vulnerabilities stemmed from the Webhook model’s lack of validation for loopback addresses, which could lead to the retrieval of...
CVE-2026-33992 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network service...
PT-2026-28586
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev97. Description: pyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF) attacks. An authenticated attacker can exploit this to access internal network...
CVE-2026-33226
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...
EUVD-2021-27371
Malware in sbrugna...
CVE-2023-29010 BudiBase Server-Side Request Forgery vulnerability
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action...
CVE-2021-40186
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...
Server-Side Request Forgery (SSRF)
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...
CVE-2021-40186
The OpenVAS entry identifies a DNN CMS (DotNetNuke) SSRF vulnerability affecting DNN versions up to 9.11.2. The flaw enables an attacker to cause the server to perform network requests on its behalf, potentially reaching internal systems and other resources. The vulnerability is described as a se...
CVE-2021-40186 DNN CMS Server-Side Request Forgery (SSRF)
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In...
Qualys Cloud Platform 2.35 New Features
This release of the Qualys Cloud Platform, version 2.35, includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning; the highlights are as follows. Note: this post has been edited after publishing to remove the Rule-Based Method to...