Lucene search
11 matches found

Snyk
added 2026/03/30 10:36 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfiltrate sensitive information (AWS IAM credentials, GCP tokens) by crafting...

CVSS 9.8, AI score 5.6, EPSS 0.00705
Exploits: 0, References: 2
RedhatCVE
added 2026/02/26 10:34 p.m., 5 views

CVE-2026-27739

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVSS 9.2, AI score 5.8, EPSS 0.00497
Exploits: 1, References: 1
NVD
added 2026/02/25 6:23 p.m., 10 views

CVE-2026-27739

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVSS 9.2, EPSS 0.00497
Exploits: 1, References: 4
ATTACKERKB
added 2026/02/25 4:47 p.m., 4 views

CVE-2026-27739

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVSS 9.2, AI score 5.8, EPSS 0.00497
Exploits: 1, References: 5, Affected Software: 3
Vulnrichment
added 2026/02/25 4:47 p.m., 3 views

CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVSS 9.2, AI score 6, EPSS 0.00497
Exploits: 1, References: 4
CISA KEV Catalog
added 2026/01/22 12:0 a.m., 11 views

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory...

CVSS 8.8, AI score 5.8, EPSS 0.31769
In wild, Exploits: 5
Positive Technologies
added 2026/01/13 12:0 a.m., 6 views

PT-2026-2488

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 4.0 through 5.0.4; Fortinet FortiSandbox version 4.4; Fortinet FortiSandbox version 4.2. Description: An authenticated attacker may be able to proxy internal requests (limited to plaintext endpoints only) by sending...

CVSS 5.5, AI score 5.9, EPSS 0.00379
Exploits: 0, References: 7
Cvelist
added 2025/09/29 8:41 p.m., 10 views

CVE-2025-34229 Vasion Print (formerly PrinterLogic) Blind SSRF via HP installApp.php

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/consolerelease/hp/installApp.php script that can be...

CVSS 6.9, EPSS 0.00484
Exploits: 1, References: 4
CNNVD
added 2025/03/20 12:0 a.m., 3 views

dify Code Injection Vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code injection vulnerability exists in dify v0.9.1 and prior versions, which stems from an internal SSRF request that could lead to code injection that could remove the entire sandbox service...

CVSS 8.8, AI score 8.9, EPSS 0.00749
Exploits: 1, References: 2
CNNVD
added 2022/02/09 12:0 a.m., 1 views

ArangoDB Code Issue Vulnerability

ArangoDB is a NoSQL database system from ArangoDB GmbH. A code issue vulnerability exists in ArangoDB versions v3.7.0 through v3.9.0-alpha.1, which stems from the system having a feature that downloads Foxx services from publicly available URLs, but this feature does not enforce proper filtering ...

CVSS 4, AI score 5.3, EPSS 0.01112
Exploits: 1, References: 5
CNNVD
added 2021/09/07 12:0 a.m., 2 views

Better Errors Cross-Site Request Forgery Vulnerability

Better Errors is a better, more useful error page replacing the standard Rails error page. A cross-site request forgery vulnerability exists in versions prior to Better Errors 2.8.0, which stems from the software not implementing CSRF protection for its internal requests. It also did not enforce...

CVSS 8.8, AI score 7.6, EPSS 0.00615
Exploits: 0, References: 6