9430 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
Visualizer <3.3.1 - Blind Server-Side Request Forgery
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...
PT-2026-60971
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web shared.go of the component web fetch. Such manipulation leads to server-side request forgery. The attack can be launched...
CVE-2026-53727
cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...
CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...
EUVD-2026-45295
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating the scheme or host, allowing a malicious or compromised registry to cause SSRF to internal networks such as...
CVE-2026-7754
CVE-2026-7754 affects Langflow OSS versions 1.0.0–1.10.0, where SSRF protection could be disabled by default settings, allowing an authenticated user to trigger server-side requests to arbitrary URLs (including metadata endpoints). The IBM bulletin confirms the vulnerability stems from misconfigu...
EUVD-2026-45194
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
CVE-2026-41854
A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery
WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...
Oracle Weblogic - Server-Side Request Forgery
An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...
LiteLLM - Server-Side Request Forgery
LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...
GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...
CVE-2026-62214 OpenClaw < 2026.5.28 Bot Framework SSRF via serviceUrl Parameter Validation
OpenClaw versions before 2026.5.28 Bot Framework contains an improper input validation vulnerability that allows lower-trust callers to expose bot tokens and credentials by failing to properly validate serviceUrl parameters. Attackers can supply malicious serviceUrl values through configured inpu...
PT-2026-60789
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
CVE-2026-44023 Docling Core has unsafe remote filename resolution
Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in...
CVE-2026-44023
Docling Core (docling-core) versions >= 1.5.0 and = 2.74.1 is recommended. If upgrading isn’t immediately possible, a workaround is to avoid passing untrusted URLs into remote fetch functionality. There is no exploitation detail in the provided documents, and no in‑the‑wild exploit information...
CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...