21 matches found
CVE-2021-22255
SSRF in URL file upload in Baserow 1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address...
DEBIAN-CVE-2025-68696
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...
CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...
EUVD-2022-5449
Malicious code in bioql PyPI...
CVE-2021-25972
Camaleon CMS versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. This allows attackers to read...
CVE-2024-12376
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
CVE-2024-47580
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
PT-2024-27348 · Microsoft +1 · Azure Blob Storage +1
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.1.0 through 2.14.3 Description: The issue allows an attacker with a CVAT account to exploit a feature by specifying custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob...
PYSEC-2024-127
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
GHSA-86Q5-QCJC-7PV4 Presto JDBC Server-Side Request Forgery by nextUri
Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting a remote Presto server. An attacker can modify the nextUri parameter to internal server in response content that Presto JDBC client will request next and view sensitive information from highly sensitive internal...
PT-2023-32996 · Unknown · Presto Jdbc
Name of the Vulnerable Software and Affected Versions: Presto JDBC affected versions not specified Description: The issue allows for Server-Side Request Forgery SSRF when connecting to a remote Presto server. An attacker can modify the nextUri parameter to point to an internal server, causing the...
PT-2023-20682 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. It is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server via a POST...
SSRF via Plugin SMTP
Description The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents. Reproduce 1. Go to Team & Settings 2. App Store SMTP 3. Configure and intercept Test request 4. Change Host/Port to internal address, example:...
h1-ctf: [h1-2006 2020] Chained vulnerabilities lead to account takeover
Summary Mårten Mickos lost his account for BountyPay, the new service HackerOne is using to pay bug bounties. In this report I explain how I accessed a customer's account using a log file and bypassed its 2FA validation. I then leverage an open redirect bug to gain access to an internal server an...
Node.js third-party modules: [Uppy] Internal Server side request forgery (bypass of #786956)
I would like to report Internal Server-side request forgery in Uppy It allows the attacker to easily extract information from internal servers Module module name: Uppy version:1.15.0 npm page: https://www.npmjs.com/package/uppy Module Description Uppy is a sleek, modular JavaScript file uploader...
SAP Mobile Platform XXE Information Disclosure Vulnerability (CNVD-2015-02245)
SAP Mobile Platform is an enterprise mobility platform. SAP Mobile Platform suffers from an XXE External Entity Reference vulnerability that allows remote attackers to submit special XML to send requests to an internal server to obtain sensitive information...
Apache Patch released for Reverse proxy Bypass Vulnerability
Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...
CheckPoint FW1 HTTP Security Hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! A quite known proxy vulnerability was found for FW1 V4.1 SP5 plus hotfixes - thanks to Ryan Snyder for announcing the first bits on Firewall-1 mailing list. If you connect to a server you are allowed to connect to via HTTP proxy e.g. a comm...