9291 matches found
CVE-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...
CVE-2026-53945
CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...
CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...
CVE-2026-57303
CVE-2026-57303 affects Jenkins Assembla Plugin 1.4 and earlier. The root cause is that the plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. This can allow an attacker who can influence the Assembla server responses to exfiltrate secrets from the Jenkins controll...
EUVD-2026-38735
Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...
CVE-2026-11370
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
CVE-2026-12095
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
CVE-2026-12100
CVE-2026-12100 affects the WordPress URL Preview plugin. It is vulnerable to unauthenticated Server-Side Request Forgery via the url parameter in all versions up to and including 1.0. An unauthenticated attacker can cause the web application to issue requests to arbitrary locations from the web a...
PT-2026-52113
Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...
PT-2026-52163
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A Server-Side Request Forgery SSRF issue exists in the URL component located at src/lfx/src/lfx/components/data source/url.py. This is caused by a Time-of-Check/Time-of-Use TOCTOU race...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...
CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
CVE-2026-53755
CVE-2026-53755 affects Crawl4AI up to version 0.8.9. The Docker API server fails to apply SSRF checks to proxy addresses, allowing an unauthenticated attacker to specify a proxy pointing at an internal IP while using a valid crawl URL. This can route Chromium egress through the proxy to reach int...
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
CVE-2026-54008 Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...
WordPress WP Meta SEO plugin <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Enes Ismail - Enes in WordPress Plugin WP Meta SEO versions = 4.5.18...
CVE-2026-12774
A flaw was found in BerriAI litellm. A remote attacker could exploit a Server-Side Request Forgery SSRF vulnerability in the MCP Server Connection Testing component. This flaw, specifically within the executewithmcpclient function, allows an attacker to trick the server into making unauthorized...
PT-2026-51623
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...