Security Intel Hub 477— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

FastGPT MCP Tools Endpoint SSRF Vulnerability Analysis
github.com · 2026-04-02

# FastGPT MCP Tools SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name:** Server-Side Request Forgery via MCP Tools Endpoint in FastGPT (FastGPT's Server-Side Request Forgery …

SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field
github.com · 2026-04-02

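# SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field ### Vulnerability Overview This is a server-side request forgery (SSRF) vulnerability in the invoice PDF generation module. Because HTML input in the `Notes` field is unsanitised, an attacker can inject arbitrary remote resource references, triggering requests to internal systems or to external malicious servers. The vulnerability can be triggered through PDF preview and email …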

Unauthenticated Blind SSRF in PTT Server /loadimg Endpoint
github.com · 2026-04-02

### Vulnerability Overview - **Title:** Unauthenticated Blind SSRF via /loadimg Endpoint Enables Internal Probing - **Description:** The `/loadimg` endpoint of the…

Discourse SSRF in Group SMTP Test Endpoint (CVE-2026-39185)
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Title:** Group SMTP test endpoint susceptible to SSRF **Overview:** Discourse's group email settings test endpoint is vulnerable to Server-Side Request Forger…

Clerk SSRF in clerkFrontendApiProxy Leaks Secret Keys: Affected Versions and Fix
github.com · 2026-04-02

# SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host ### Vulnerability Overview The `clerkFrontendApiProxy` function in `@clerk/clerk-react` has a server-side request forgery (SSRF) vulnerability. An untrusted client can send requests that cause secret keys…

Tautulli Unauthenticated SSRF in pms_image_proxy (CVE-2024-31104)
github.com · 2026-04-02

## Vulnerability Overview **Tautulli pms_image_proxy Unauthenticated SSRF Vulnerability** Tautulli's `/pms_image_proxy` endpoint accepts a user-supplied `img` parameter and forwards it to Plex Media S…

Kyverno CEL HTTP SSRF Vulnerability (CVE-2026-4789) Analysis and Mitigation
kb.cert.org · 2026-04-02

# Kyverno SSRF Vulnerability (VU#655822) ## Vulnerability Overview Kyverno versions 1.16.0 and later contain a Server-Side Request Forgery (SSRF) vulnerability in their CEL expression HTTP functions (…

AVideo CVE-2024-34740 Stored SSRF via EPG Link
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Name**: Stored SSRF via Video EPG Link Missing isSSRSafeURL() Validation **CVE ID**: CVE-2024-34740 **Severity**: 6.5/10 (Medium) **Weakness**: CWE-918 (Serve…

Cisco Nexus Dashboard SSRF Vulnerability Summary
sec.cloudapps.cisco.com · 2026-04-02

# Cisco Nexus Dashboard SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability * **…

Jeesite XXE Vulnerability (CWE-611): Unfiltered logoutRequest Causes SSRF
www.yuque.com · 2026-03-02

## Jeesite XXE Vulnerability Report (CWE-611) ### 1. Description Jeesite contains an XXE vulnerability. The user-controlled `logoutRequest` XML is parsed without adequate XXE protections, enabling att…

Sim Studio AI MongoDB SSRF and Arbitrary Document Deletion (CVE-2026-3431)
www.tenable.com · 2026-03-02

## Key Vulnerability Information ### Vulnerability Overview - **Name**: Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion - **Rating**: Critical ### Vulnerability Details - **CVE ID**: CVE-…

Chamilo LMS CVE-2024-50337 Unauthenticated Blind SSRF via OpenID
github.com · 2026-03-03

### Key Vulnerability Information #### Vulnerability Name Potential unauthenticated blind SSRF via openid function #### Vulnerability Severity - Severity Level: Moderate - CVSS v3 Base Metrics: 5.3 / …

CrewAI Framework Multiple Vulnerabilities Summary (RCE/SSRF/File Read)
www.kb.cert.org · 2026-04-02

# Vulnerability Summary: CrewAI Multiple Vulnerabilities (VU#221883) ## Vulnerability Overview This advisory identifies four critical security vulnerabilities within the CrewAI framework, including Re…

GLPI Unauthenticated SSRF Fix: OpenID Provider Whitelisting
github.com · 2026-03-03

From this webpage screenshot, the following key vulnerability information can be obtained: - **Vulnerability Type**: - Fixed a potential "unauthenticated covert SSRF (Server-Side Request Forgery)" vul…

OpenStack Glance SSRF Fix: SafeRedirectHandler & IP Normalization
security.openstack.org · 2026-04-02

### Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the OpenStack Glance image import functionality. Attackers can bypass URL validation checks by utilizing HTTP re…

SSRF Vulnerability in Psi Probe <=5.3.0 via Whois Lookup
github.com · 2026-02-27

### Server-Side Request Forgery (SSRF) in Psi Probe #### Affected Environment - **Project**: Psi Probe - **Repository**: https://github.com/psi-probe/psi-probe - **Affected Version**: (via WhoisContro…

sz-boot-parent <= v1.3.2-beta SSRF and Arbitrary File Read Vulnerability
vuldb.com · 2026-02-26

### Key Information Summary #### Title - **Title**: feiyuchuixue https://github.com/feiyuchuixue/sz-boot-parent sz-boot-parent <= v1.3.2-beta Arbitrary_File_Read/SSRF #### Description - **Description*…

Gradio SSRF via Malicious proxy_url Injection in gr.load() (CVE-2026-28416)
github.com · 2026-02-28

### Vulnerability Information - **Vulnerability Name**: SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing - **Severity**: High - **CVE ID**: CVE-2026-28416 - **Affected Version…

CVE-2026-27732: Authenticated SSRF in AVideo <22
github.com · 2026-02-25

### Key Vulnerability Information - **Vulnerability ID:** GHSA-h39h-7cvg-q7j6 - **CVE ID:** CVE-2026-27732 - **Vulnerability Type:** Authenticated Server-Side Request Forgery (SSRF) — CWE-918 - **Affe…

changedetection.io SSRF Vulnerability (CVE-2026-27696) Advisory
github.com · 2026-02-25

### Key Information - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via Watch URLs - **Severity**: High (8.6/10) - **CVE ID**: CVE-2026-27696 - **Affected Versions**: `. ### Exploitation …

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
