2 matches found
CVE-2026-45561
CVE-2026-45561 affects Roxy-WI web interface (versions 8.2.6.4 and earlier) and allows SSRF via the /smon/agent/{version,uptime,status,checks}/ endpoints. The path component is passed verbatim into requests.get("http://{server_ip}:{agent_port}/...") and is only constrained by Flask’s default URL ...
Server Side Request Forgery (SSRF)
nossrf is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper hostname validation, allowing attackers to bypass the protection mechanism and access local or reserved IP addresses...