Security Intel Hub 477— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Fix SSRF & Credential Leakage in fourclement Poll.at status polling
github.com · 2026-04-04

### Key Vulnerability Information Summary **Vulnerability Overview** * **Type**: SSRF (Server-Side Request Forgery) and Credential Leakage. * **Description**: A vulnerability in the `fourclement` modu…

SSRF in PraisonAI praisonagents FileTools.download_file via Unvalidated URL
github.com · 2026-04-04

# SSRF in FileTools.download_file() via Unvalidated URL -- PraisonAI ### Summary This is an SSRF (Server-Side Request Forgery) vulnerability in the `FileTools.download_file()` function within the `pra…

Casdoor v2.356.0 Webhook SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: Casdoor v2.356.0 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Webhook SSRF (Server-Side R…

Casdoor 2.356.0 Webhook URL SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

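### Vulnerability Summary: CASDOOR 2.356.0 Webhook URL SSRF **Vulnerability Overview** * **Vulnerability Name:** CASDOOR 2.356.0 Webhook URL Server-Side Request Forgery (SSRF) * **CVE ID:** CVE-2026-5469 (Note: the screenshot shows the year as 2026; possibly fictitious or a future placeholder) * **Severity:** Critica…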

huimeicloud hmEditor 2.2.3 SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Title**: huimeicloud hmEditor 2.2.3 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Server-Side Request Forgery (SSR…

FastMCP OpenAPI Provider SSRF & Path Traversal Vulnerability Analysis
github.com · 2026-04-03

# SSRF & Path Traversal Vulnerability in FastMCP OpenAPI Provider ## Vulnerability Overview * **Vulnerability Name:** SSRF & Path Traversal Vulnerability in FastMCP OpenAPI Provider * **Severity:** Critical * **CVSS Score:** 9.8 * **Description…

Prometheus SSRF Path Traversal Fix (GHSA-wvq-7j5c-7h27)
github.com · 2026-04-03

* **Vulnerability Overview:** This is a fix for an SSRF (Server-Side Request Forgery) path traversal vulnerability.

CVE-2024-5346: Huimeicloud HM Editor SSRF in client.get
vuldb.com · 2026-04-03

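### Vulnerability Summary: CVE-2024-5346 **Vulnerability Overview** * **Vulnerability Name:** Huimeicloud HM Editor Image-to-Base64 Endpoint SSRF * **CVE ID:** CVE-2024-5346 * **CVSS Score:** 6.6 (Critical) * **Vulnerability Type:** Server-Side Request Forgery (SSRF) * **Affected Component:** `huimei…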

Debian L4J Startscript SQL Injection and SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

Based on the webpage screenshot provided by the user, I extracted the following key vulnerability information: 1. **Vulnerability Summary**: * **Vulnerability Name**: Debian SQL Injection via L4J Star…

SQLbot <=1.6.0 SSRF via Unvalidated Elasticsearch Host Parameter
www.notion.so · 2026-04-03

# SQLbot SSRF Vulnerability Summary ### Vulnerability Description SQLbot is an intelligent data querying system based on large language models and RAG. In the `backend/apps/ai/es_engine.py` file, the …

SilkyWann <1.16.0 SSRF via Incomplete IP Validation (CVE-2025-2626)
github.com · 2026-04-03

# Vulnerability Summary: Incomplete IP Validation in `/api/search/visit` Allows

Fix Webhook SSRF: Enforce Public HTTP(S) URLs Only
github.com · 2026-04-03

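### Key Vulnerability Information Summary **Vulnerability Overview** This commit fixes a security vulnerability caused by insufficiently strict Webhook URL validation. The previous implementation allowed Webhook URLs to point to internal network addresses (such as private IPs or localhost), creating a risk of SSRF (Server-Side Request Forgery) attacks. The fix introduces the `IsSafeWebhook` struct and enforces that the URL must be a public HTTP(S) address, effectively guarding against potential attacks. **Affected Scope** - **文…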

priyankark a11y-mcp 1.0.4 Server-Side Request Forgery (SSRF)
vuldb.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: priyankark a11y-mcp 1.0.4 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Server-Side Reques…

a17y-mvp SSRF Vulnerability with POC
github.com · 2026-04-02

# a17y-mvp Server-side Request Forgery Vulnerability ## Vulnerability Overview This is a Server-Side Request Forgery (SSRF) vulnerability. An attacker can craft malicious requests to induce the server…

Invoice Ninja v6.x Unauthenticated SQLi and SSRF Vulnerability (CVE-2025-29525)
gist.github.com · 2026-04-02

# CVE-2025-29525: Invoice Ninja Unauthenticated SQL Injection and SSRF Vulnerability ### Vulnerability Overview * **Vulnerability Name:** Invoice Ninja Unauthenticated SQLi Server-Side Request Forgery (SSRF) * **CVE ID:** CVE-2025-29525 * **CVSS Score:** 9.8 (Critical…

Kubeflow ResourceComposition SSRF and HTTP Header Injection Vulnerability Analysis
gist.github.com · 2026-04-02

**Vulnerability Summary** * **Vulnerability Name**: Kubeflow ResourceComposition ChartUtil.SSIF + Header Injection * **Vulnerability Type**: Server-Side Request Forgery (SSRF) and HTTP Header Injectio…

SSRF in Frostmourn 1.0 Alarm Preview (AlarmController.java)
fx4tqqfvdw4.feishu.cn · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Frostmourn e 1.0 Alarm Preview * **Vulnerability Type**: Server-Side Request Forger…

SSRF in Docker Model Runner OCI Registry Client (Fixed in v1.1.25)
github.com · 2026-04-02

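# Docker Model Runner SSRF Vulnerability Summary ### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Docker Model Runner OCI Registry Client * **Vulnerability Description**: Docker Model Runner has an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Mod…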

Unauthenticated SSRF in GoJSF httpTools Endpoint Leading to API Key Theft
github.com · 2026-04-02

Based on the webpage screenshot provided by the user, I extracted the following key information: 1. **Vulnerability Overview:** * **Title:** Unauthenticated SSRF via httpTools Endpoint Leads to Intern…

InvoiceShelf SSRF in PDF Rendering via Unsanitised HTML
github.com · 2026-04-02

# Vulnerability Summary: SSRF in Estimate PDF Rendering Via Unsanitised HTML in Notes Field ### Vulnerability Overview This vulnerability exists in the Estimate PDF generation feature of the InvoiceSh…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
