40 matches found
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Summary A Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load to load an attacker-controlled Space, the malicious proxyurl from the config is...
Server-side Request Forgery (SSRF)
Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the gr.load function. An attacker can access internal services, cloud metadata endpoints, and private networks b...
PYSEC-2026-66
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
PYSEC-2026-66
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
EUVD-2026-9084
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416
Gradio prior to v6.6.0 is affected by an SSRF in gr.load() via a malicious Space that causes the config-provided proxy_url to be trusted and added to the allowlist. An attacker can trigger arbitrary HTTP requests from the victim’s server to internal services, cloud metadata endpoints, and private...
CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
Gradio 代码问题漏洞
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Versions of Grradio prior to 6.6.0 had code vulnerabilities. These vulnerabilities stemmed from maliciously configured proxyurl settings, which could...
CVE-2026-1495
The vulnerability, if exploited, could allow an attacker with Event Log Reader S-1-5-32-573 privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...
CVE-2026-1495 Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent
The vulnerability, if exploited, could allow an attacker with Event Log Reader S-1-5-32-573 privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...
Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources
Summary Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery SSRF. An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresse...
EUVD-2022-24574
Malicious code in bioql PyPI...
EUVD-2024-49313
Malicious code in bioql PyPI...
CVE-2022-1239
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...
CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL
code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...
CVE-2024-8635 Server-Side Request Forgery (SSRF) in GitLab
A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy UR...