12 matches found

EUVD
added 2026/01/20 4:29 p.m. | 15 views

EUVD-2025-206301

WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect...

CVSS 7.5 | AI score 5.3 | EPSS 0.00501
Exploits 2 | References 3
GitHub Security Blog
added 2026/01/20 4:29 p.m. | 13 views

WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

Summary: A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom url_fetcher to block...

CVSS 7.5 | AI score 5.8 | EPSS 0.00501
Exploits 2 | References 7 | Affected Software 1
SUSE CVE
added 2026/01/20 12:27 a.m. | 9 views

SUSE CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.6 | EPSS 0.00501
Exploits 2 | References 3
OSV
added 2026/01/19 4:15 p.m. | 6 views

DEBIAN-CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.4 | EPSS 0.00501
Exploits 2 | References 1
NVD
added 2026/01/19 4:15 p.m. | 3 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | EPSS 0.00501
Exploits 2 | References 5
Snyk
added 2026/01/19 3:48 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: weasyprint is The Awesome Document Factory. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the default_url_fetcher function. An attacker can access internal network resources by exploiting automatic HTTP redirects that are not re-validated against...

CVSS 7.5 | AI score 5.6 | EPSS 0.00501
Exploits 2 | References 2
OSV
added 2026/01/19 3:20 p.m. | 4 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.6 | EPSS 0.00501
Exploits 2 | References 4
Vulnrichment
added 2026/01/19 3:20 p.m. | 1 view

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.5 | EPSS 0.00501
Exploits 2 | References 2
Cvelist
added 2026/01/19 3:20 p.m. | 17 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | EPSS 0.00501
Exploits 2 | References 2
AlpineLinux
added 2026/01/19 3:20 p.m. | 5 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.6 | EPSS 0.00501
Exploits 2 | References 2
ATTACKERKB
added 2026/01/19 3:20 p.m. | 6 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5 | AI score 5.4 | EPSS 0.00501
Exploits 2 | References 3 | Affected Software 1
Positive Technologies
added 2026/01/19 12:0 a.m. | 3 views

PT-2026-3446

Name of the Vulnerable Software and Affected Versions: WeasyPrint versions prior to 68.0. Description: WeasyPrint is a tool used by web developers to generate PDF documents. A server-side request forgery (SSRF) protection bypass exists in WeasyPrint’s default url fetcher for versions prior to 68.0. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00501
Exploits 2 | References 22