CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

GHSA-CHWH-F6GM-R836 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the downloadFrom endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the webhook endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint...

Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

A review of 4 published Gotenberg security advisories exposed an SSRF issue. GHSA-pjrr-jgp4-v2fm covers SSRF via the downloadFrom endpoint. GHSA-pcrp-7g9h-7qhp covers SSRF via the webhook endpoint. Neither advisory addresses SSRF through the primary Chromium URL-to-PDF conversion endpoint...

CVE-2026-7221

CVE-2026-7221 affects TencentCloudBase CloudBase-MCP (up to v2.17.0) with a vulnerability in the openUrl function (mcp/src/interactive-server.ts) of the open-url API Endpoint. Manipulating req.body.url enables server-side request forgery (SSRF) and can be exploited remotely; the exploit is public...

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...

PT-2025-44787

Name of the Vulnerable Software and Affected Versions React Native Community CLI versions 4.8.0 through 20.0.0-alpha.2 Description The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint vulnerable to...

CVE-2022-32013

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit=...

PT-2024-36472 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF version 0.35.1 Description: A Server-Side Request Forgery SSRF issue in the endpoint "http://your-server/url-to-pdf" of Stirling-PDF allows attackers to access sensitive information via a crafted request. This enables attackers t...

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...

CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash...

Stack overflow

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...

CVE-2023-41712

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash...

CVE-2023-39279

CVE-2023-39279 affects SonicOS, with a post-authentication Stack-Based Buffer Overflow in the getPacketReplayData.json endpoint that leads to a firewall crash. The Nessus/SonicWall PSIRT entries consolidate multiple related CVEs but this item specifically targets getPacketReplayData.json. Affecte...

CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash...

CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash...

CVE-2023-39276

CVE-2023-39276 is a post-authentication stack-based buffer overflow in SonicOS’ getBookmarkList.json endpoint that can crash affected SonicWall firewalls. The Nessus/SNWLID-2023-0012 notes this as part of multiple vulnerabilities affecting SonicOS Management Web Interface and SSLVPN Portal, with ...

CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...

Server-Side Request Forgery (SSRF)

GeoNode is vulnerable to Server-Side Request Forgery SSRF. The vulnerability allows an attacker to make unauthorized requests to arbitrary hosts on an internal network via the /proxy/?url= endpoint, which could be used to steal sensitive data, launch denial-of-service attacks, or possibly execute...