17 matches found
CVE-2026-50887
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...
PT-2026-49328
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl...
PT-2026-49329
An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
CVE-2026-50886
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
CVE-2026-50888
An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
CVE-2026-50888
An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted URL...
CVE-2026-36756
A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36759
The CVE-2026-36759 entry describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/{name}/upgrade-from-uri endpoint. Authenticated attackers can issue a crafted GET request to scan internal resources. The provided data includes CVSS v3.1 metrics (base score 6.5, MEDIUM...
CVE-2026-36757
A Server-Side Request Forgery (SSRF) in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
PT-2026-36118
A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-22298
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...
Webkul Krayin CRM has Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...
CVE-2026-38527
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...
PT-2026-32681
CVE-2026-38527 A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying … https://t.co/UnVbPvc3Tv...
CVE-2025-60541
A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
Prompt Optimizer security vulnerability
Prompt Optimizer is a prompt word optimizer by and Alchemy Time Personal Developer. A security vulnerability exists in Prompt Optimizer versions 1.3.0 through 1.4.2, which stems from a server-side request forgery in the /api/proxy component, which could allow an attacker to scan internal resource...
CVE-2025-60541
A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...