Security Intel Hub 477 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

n8n-mcp Post-Auth SSRF Vulnerability and Mitigation Guide
github.com · 2026-04-10

### Vulnerability Overview This is a post-authentication Server-Side Request Forgery (SSRF) vulnerability located within the `n8n-mcp` package. An attacker possessing a valid `AUTH_TOKEN` can induce t…

Plane Platform SSRF in Favicon Fetching Analysis
github.com · 2026-04-10

# SSRF Vulnerability Summary in Plane Platform Favicon Retrieval ## Vulnerability Overview * **Vulnerability Name**: Full Read Server-Side Request Forgery (SSRF) in Favicon Fetching via Redirection * …

Sonarverse Audiostreaming Stack SSRF Vulnerability Analysis
github.com · 2026-04-10

# Sonarverse Audiostreaming Stack SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery via user-controlled URLs in dashboard API client * **Severi…

SiYuan Note Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Rendering (CVE-2024-40107)
github.com · 2026-04-10

# SiYuan Note Mermaid Rendering Vulnerability Summary ## Vulnerability Overview **CVE ID**: CVE-2024-40107 **Vulnerability Name**: Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Renderi…

Praisonal Jobs API SSRF Vulnerability and Exploit PoC
github.com · 2026-04-10

### Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the Jobs API (`/api/v1/runs` endpoint) of the `praisonal` package. This endpoint accepts a `webhook_url` paramet…

prisonaagents web_crawl SSRF and Local File Read Vulnerability
github.com · 2026-04-10

### Vulnerability Overview An SSRF (Server-Side Request Forgery) and local file read vulnerability exists in the `web_crawl` function of the `prisonaagents` tool. The function accepts arbitrary URLs f…

SSRF Vulnerability in bigsk1/openai-realtime-ui (CVE-2026-5803)
vuldb.com · 2026-04-09

### Vulnerability Overview * **CVE ID:** CVE-2026-5803 * **Vulnerability Name:** bigsk1 openai-realtime-ui API Proxy Endpoint server.js Query server-side request forgery * **Vulnerability Type:** Serv…

SSRF Fix: IP/Hostname Filtering and DNS Rebinding Protection
github.com · 2026-04-09

### Vulnerability Overview This commit addresses **SSRF (Server-Side Request Forgery)** vulnerabilities and **insecure redirection** issues present in the `/api/proxy` endpoint. Attackers could exploi…

SSRF Vulnerability in openai-realtime-ui server.js and Fix Details
github.com · 2026-04-09

### Vulnerability Overview This is a **Server-Side Request Forgery (SSRF)** vulnerability (CWE-918) present in the `server.js` component of the `openai-realtime-ui` project. * **Vulnerability Mechanis…

SSRF Fix: /api/proxy Hardening, IP Blocklist & Redirect Chain Defense
github.com · 2026-04-09

### Vulnerability Overview This Pull Request fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the `/api/proxy` endpoint. Attackers can control the `url` parameter to access internal se…

Fix SSRF protection logic in fetch-guard: DNS pinning fallback when trusted proxy is unavailable
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** This commit resolves a conflict between DNS pinning logic and Trusted Environment Proxy logic within the `fetch-guard` module. *…

SSRF via $ref Dereferencing in mcp-from-openapi
github.com · 2026-04-09

### Vulnerability Summary: SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications **Vulnerability Overview** This vulnerability exists in the `mcp-from-openapi` library. When the `OpenAPITool…

LORIS Publication Module SSRF via Untrusted baseURL Input
github.com · 2026-04-09

# Vulnerability Summary: Improper Trust of User Input in Publication Module ## Vulnerability Overview A security vulnerability exists within the publication module of the LORIS system. The system erro…

WP Migrate Lite CVE-2025-11427 Unauthenticated Blind SSRF Vulnerability Analysis
research.cleantalk.org · 2026-04-09

### Vulnerability Overview * **CVE ID**: CVE-2025-11427 * **Affected Plugin**: WP Migrate Lite (Version <= 2.7.6) * **Vulnerability Type**: Unauthenticated Blind Server-Side Request Forgery (SSRF) * *…

Authenticated SSRF in WP Fastest Cache (CVE-2025-10583): Analysis and Fix
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2025-10583 * **Vulnerability Type:** Authenticated Server-Side Request Forgery (SSRF) * **Description:** This …

Kibana SSRF Vulnerability (CVE-2026-33458) Advisory and Mitigation
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **Name:** Server-Side Request Forgery (SSRF) in Kibana One Workflow * **Type:** CWE-918 - Server…

Dolibarr 23.0.2 Security Update: SSRF and File Handling Vulnerabilities Fixed
github.com · 2026-04-07

# Dolibarr 23.0.2 Security Update Summary ## Vulnerability Overview This release (23.0.2) includes multiple security fixes and permission improvements, primarily addressing the following critical vuln…

Papra <=26.3.0 Blind SSRF via Webhook URL Analysis and Fix
github.com · 2026-04-08

### Vulnerability Overview **Vulnerability Name:** Blind Server-Side Request Forgery (SSRF) via Webhook URL **Description:** Papra's webhook system allows authenticated users to register any URL as a …

ChurchCRM SSRF Vulnerability Analysis and PoC
github.com · 2026-04-08

### Vulnerability Summary: ChurchCRM SSRF Vulnerability **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in ChurchCRM versions 5.21.0 and earlier. Attackers can ind…

CVE-2026-15486 SSRF in text-generation-webui superbooga extension
github.com · 2026-04-08

# CWE-918 SSRF Vulnerability Summary ## Vulnerability Overview A severe Server-Side Request Forgery (SSRF) vulnerability exists in the RAG (Retrieval-Augmented Generation) functionality within the `su…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.