PT-2026-45048

Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhook url, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wi...

CVE-2026-39965 TypeBot: SSRF via Open Redirect Bypass in HTTP Request and Code Blocks

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

CISA Security Leak

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...

PT-2026-38638

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...

CVE-2026-41271

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests t...

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data

AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems...

CVE-2026-0688

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVE-2026-2376

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final...

CVE-2026-2376

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final...

CVE-2026-2376

A flaw was found in mirror-registry where an authenticated user can trick the system into accessing unintended internal or restricted systems by providing malicious web addresses. When the application processes these addresses, it automatically follows redirects without verifying the final...

CVE-2026-2376

CVE-2026-2376 affects mirror-registry. The issue arises when an authenticated user supplies malicious web addresses; the application follows redirects without verifying the final destination, enabling requests to be routed to unintended internal or restricted systems. Documented impact is exposur...

PT-2026-25009

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

GHSA-CWPP-325Q-2CVP Statamic Vulnerable to Server-Side Request Forgery via Glide

Impact When Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

PT-2026-4993

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

USN-7976-1 node-form-data vulnerability

Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems...

USN-7976-1: Form-Data vulnerability

Ben Shonaldmann discovered that Form-data incorrectly generated boundary values for multipart form-encoded data, leading to predictable values. A remote attacker could possibly use this issue to make arbitrary requests to internal systems...

curl: CRLF Injection in Gopher Protocol (`lib/gopher.c`)

Control characters slip through during URL handling in curl’s Gopher setup. Though null bytes get blocked by the REJECTZERO setting, returns and line feeds remain permitted. A specially built address using percent-encoded breaks - like %0D%0A - opens room for command insertion. Because of how...

httparty 代码问题漏洞

httparty is a library from the individual developer John Nunemaker. A code issue vulnerability exists in httparty version 0.23.2 and earlier, which stems from the presence of a server-side request forgery vulnerability that could lead to API key disclosure or requests to an internal server...