Security Intel Hub 478 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Jenkins Security Advisory 2018-07-30: Multiple Plugin Vulnerabilities (SSH Key Leak, CSRF, XSS, SSRF)
jenkins.io · 2025-11-08

This webpage screenshot provides the following key information about the vulnerability: - **Advisory ID**: Jenkins Security Advisory 2018-07-30 - **Vulnerable Plugins**: Multiple Jenkins plugins are a…

WordPress Plugin Security Audit: SQLi/XSS/CSRF/SSRF Vulnerability Analysis
plugins.trac.wordpress.org · 2025-11-07

### Critical Vulnerability Information #### 1. **Unvalidated User Input** - **Line Numbers**: Multiple - **Description**: The code contains multiple instances where user input is directly used without…

InvoicePlane SSRF Vulnerability: Unsanitized HTML in Payment Receipt PDF Rendering Leading to SSRF and Exploitation Anal
github.com · 2026-04-02

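# SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field ### Vulnerability Overview This is a severe server-side request forgery (SSRF) vulnerability. In the payment receipt PDF generation feature, the Notes field of the payment receipt accepts unsanitized HTML input. This HTML is passed to the Gonf PDF rendering engine, which allows remote resources to be embedded. An attacker can exploit this vulnerability to send requests to the internal network…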

Jenkins Security Advisory: Sandbox Bypass, SSRF, CSRF in Multiple Plugins (CVE-2019-1003024)
jenkins.io · 2025-11-09

### Vulnerability Key Information #### Vulnerability Overview - **Advisory Name**: Jenkins Security Advisory 2019-02-19 - **Affected Plugins**: - Acunetix Plugin - Cloud Foundry Plugin - CloudBees CD …

forem CSRF Vulnerability (CVE-2023-27160) with SSRF Exploitation
gist.github.com · 2025-11-11

### CVE-2023-27160 - Cross Site Request Forgery (CSRF) #### Description forem up to v2022.11.11 was discovered to contain a Cross Site Request Forgery (CSRF) vulnerability via the components `/article…

SRMP3 Plugin Ajax Callback SSRF and SSL Verification Bypass Analysis
plugins.trac.wordpress.org · 2026-02-21

Key vulnerability information extracted from the screenshot: ### 1. Version Increment - **Change Description**: Version upgraded from `5.10` to `5.11`, primarily for version control and to avoid cachi…

SSRF Fix: Implementing axiosRequestDispatcher and URL Sanitization
github.com · 2025-08-28

### Key Information - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Remediation**: Use `axiosRequestDispatcher` to prevent SSRF vulnerabilities. - **Code Changes**: - Introduced `axio…

PraisonAI SSRF via Unvalidated api_base in passthrough() Fallback
github.com · 2026-04-04

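# SSRF via Unvalidated api_base in passthrough() Fallback -- PraisonAI ### Vulnerability Overview In the `praisonai` package, the `passthrough()` and `apextranscript()` functions accept an unvalidated `api_base` parameter. This parameter is concatenated directly into the request, leading to server-side request forgery (SSRF) and potential redirect attacks. An attacker…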

Roundcube Webmail 1.7 RC5 Security Update: Fixes Pre-Auth File Write, SSRF, XSS, and CSRF
github.com · 2026-04-03

### Roundcube Webmail Security Update Summary **Vulnerability Overview** Roundcube Webmail has released version 1.7 RC5, addressing multiple critical security vulnerabilities reported recently. Key fi…

LangChain SSRF Vulnerability Fix: New SSRF Protection Module and RecursiveUrlLoader Hardening
github.com · 2026-02-12

### Key Information Summary #### Vulnerability Type - **SSRF (Server-Side Request Forgery)** #### Mitigation Measures - Added a new `@langchain/core/utils/ssrf` module containing URL validation utilit…

Adobe Commerce/Magento Security Advisory APSB25-26: Privilege Escalation, CSRF, and Access Control Bypass
helpx.adobe.com · 2025-04-10

### Critical Vulnerability Information #### Vulnerability Overview - **Advisory ID**: APSB25-26 - **Release Date**: April 8, 2025 - **Priority**: 2 Adobe has released security updates for Adobe Commer…

Red Hat Enterprise Linux CVE-2025-59088 Unauthenticated SSRF via DNS SRV Advisory
bugzilla.redhat.com · 2025-11-14

### Key Information - **CVE ID**: CVE-2025-59088 (Bug 2393955) - **Vulnerability Type**: Unauthenticated SSRF via Realm-Controlled DNS SRV - **Priority**: High - **Severity**: High - **Reported Date**…

WordPress Responsive Lightbox RCE/XSS/SSRF/RFI Vulnerability Analysis
plugins.trac.wordpress.org · 2026-02-25

### Vulnerability Key Information - **Source**: `responsive-lightbox/trunk/includes/class-remote-library.php` - **Last Change**: Revision 464562 by dfactory, checked in 7 days ago - **File Size**: 28.…

Analysis of RFI and SSRF vulnerabilities in PHP file handling code
github.com · 2025-11-14

### Key Vulnerability Summary #### 1. **Potential Remote File Inclusion (RFI) Risk** - **Code Line**: `$tempFile = tmpfile();` - **Description**: Temporary file is created using `tmpfile()`, but the d…

PerfreeBlog SSRF Vulnerability in uploadAttachByUrl API and Fix
github.com · 2025-10-31

### Key Information #### Vulnerability Description - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected API**: `uploadAttachByUrl` - **Issue**: The API allows unauthorized SSRF at…

WordPress Plugin Vulnerabilities Summary: SSRF/XSS/RCE/SSTI
patchstack.com · 2026-04-02

### Vulnerability Key Information Summary **1. Vulnerability Overview and Scope** This page displays multiple security vulnerabilities in WordPress plugins and software within the Patchstack vulnerabi…

Fulcio SSRF via MetaIssuer Regex Bypass Analysis (CVSS 5.8)
github.com · 2026-01-20

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass - **Severity**: Medium (CVSS: 5.8/10) - **CVE ID**: No known CV…

WordPress Plugins Vulnerability Summary: XSS, SSRF, RCE, SQLi
patchstack.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview and Scope This page displays a list of known vulnerabilities affecting multiple WordPress plugins and software, primarily involving …

WordPress image-viewer-block Plugin SSRF/XSS Vulnerability Analysis
plugins.trac.wordpress.org · 2026-02-05

### Key Information - **Source File**: `image-viewer-block.php` version `1.0.2` - **Latest Change**: Commit `3405993` by `tomorbplugins`, 6 months ago. - **Functionality**: Interactive image mapping i…

Tiny Tiny RSS Vulnerability Analysis: XSS, SSRF, LFI (CVE-2020-25787/25788/25789)
blog.neagaru.com · 2025-12-29

## Key Vulnerability Information Summary ### 1. **Application Context** - Target Application: Tiny Tiny RSS (2020 version) - Objective: Identify and exploit security vulnerabilities --- ### 2. **Main …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
