CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

EUVD-2026-33605

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

CVE-2026-5623

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

CVE-2026-3966

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...

PT-2026-23988

Name of the Vulnerable Software and Affected Versions Bytedesk versions up to 1.3.9 Description A server-side request forgery condition exists in Bytedesk. The issue is located in the getModels function within the SpringAIOpenrouterRestController component, specifically in the file...

CVE-2025-14516

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVE-2025-10760

A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookuprepo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be...

CVE-2020-7126

A remote server-side request forgery ssrf vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...

The vulnerability of the modDeepSecurity module in the monitoring and security management widget of Trend Micro Apex Central allows a attacker to perform an SSRF attack.

The vulnerability of the modDeepSecurity module in the monitoring panel of the Trend Micro Apex Central security management and monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

The vulnerability of the modTMSL module in the monitoring and security management panel of Trend Micro Apex Central allows a attacker to perform an SSRF attack.

The vulnerability of the modTMSL module in the monitoring and security management widgets of Trend Micro Apex Central relates to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVE-2022-28616

CVE-2022-28616 describes a server-side request forgery (SSRF) vulnerability in HPE OneView prior to 7.0. Affected product: HPE OneView. Root cause: unspecified in initial description, but remediation exists via a software update to resolve the vulnerability. Documents confirm a fix is provided by...

CVE-2020-7126

A remote server-side request forgery ssrf vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

Server side request forgery (ssrf)

A remote server-side request forgery ssrf vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

Mantis 0.19 Remote Server-Side Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10993/info Mantix is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'registerglobals = on'. When...

YaPiG 0.92 Remote Server-Side Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is...

Gallery 1.4.4 - Remote Server-Side Script Execution

Gallery 1.4.4 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the...