Security Intel Hub 477 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Rocket TRUfusion Enterprise Pre-Auth SSRF Vulnerability (CVE-2025-32355)
www.rcesecurity.com · 2026-02-21

From the screenshot, the following key information about the vulnerability can be obtained: ### Key Information - **Product:** TRUfusion Enterprise - **Vendor URL:** https://www.rocketsoftware.com/en-…

LangSmith SDK SSRF via Tracing Header Injection (CVE-2026-25528)
github.com · 2026-02-10

## Critical Vulnerability Information ### Vulnerability Description - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via Tracing Header Injection - **CVE ID**: CVE-2026-25528 - **CVSS v3 B…

Faraday SSRF Vulnerability (CVE-2026-25765) Analysis and Fix
github.com · 2026-02-10

## Key Information Overview ### Vulnerability Details - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **CVE ID**: CVE-2026-25765 - **Severity**: Moderate (5.8/10) - **Affected Versions*…

DoraCMS <=3.1 UEditor Remote Image Fetch SSRF Vulnerability (CVE-2026-25870)
www.vulncheck.com · 2026-02-11

- **Advisories:** DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF - **Severity:** Medium - **Date:** 2/10/2026 - **Affecting:** DoraCMS <= 3.1 - **References:** - CVE-2026-25870 - [GitHub Issue](https:…

CVE-2026-25492: GraphQL SSRF Exfiltrates AWS Credentials
github.com · 2026-02-10

- **Vulnerability Details** - **Title:** save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host - **Affected Versions:** - `>= 5.0.0-RC1, = 3.5.0, <= 4.16.17…

DoraCMS 3.1 UEditor SSRF Vulnerability Analysis Report
github.com · 2026-02-11

## DoraCMS 3.1 Security Report SSRF (Responsible Disclosure) ### Report Title SSRF via UEditor Remote Image Fetch (catcher/catchImage) ### Product DoraCMS 3.1 ### Date 2026-02-10 ### Scope Source-code…

LangChain ChatOpenAI SSRF via image_url token counting
github.com · 2026-02-11

## SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages ### Affected Versions - langchain-core==0.3.81 ### Severity - Low (3.7 / 10) ### Summary The `ChatOpenAI.get_num_tokens_…

Homarr Unauthenticated SSRF/Port-Scan via widget.app.ping (CVE-2026-25123)
github.com · 2026-02-07

## Critical Vulnerability Information ### Vulnerability Title Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping ### CVE ID CVE-2026-25123 ### Affected Versions = 1.52.0 ### Vulnerability …

Pydantic AI SSRF Vulnerability Advisory and Fix Guide
github.com · 2026-02-07

### Key Information #### Summary - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affected Versions**: - `pydantic-ai`: >= 0.0.26 - `pydantic-ai-slim`: >= 0.0.26 - **Fixed Versions**: …

Group-Office WOPI Service SSRF and Local File Read Vulnerability (CVE-2026-25511)
github.com · 2026-02-05

### Key Information #### Vulnerability Overview - **Vulnerability Name**: SSRF and File Read in WOPI service discovery - **Severity**: High (8.2/10) - **CVE ID**: CVE-2026-25511 - **Affected Versions*…

ZenTao PMS Webhook Module SSRF Vulnerability Analysis
vuldb.com · 2026-02-05

### Critical Vulnerability Information **Title**: - **ZenTao PMS <=21.7.6-85642 SSRF** **Description**: - A Server-Side Request Forgery (SSRF) vulnerability exists in the Webhook module of ZenTao CMS.…

ZenTao Webhook SSRF Arbitrary File Read Vulnerability
github.com · 2026-02-05

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) leading to arbitrary file read - **Severity**: High - **Affected Component**: Webhook modul…

OpenProject Blocknote Extension ID Manipulation SSRF/DoS (CVE-2026-24775)
github.com · 2026-01-29

### Key Information Summary #### Vulnerability Overview - **Title**: Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension - **Severity**: …

Squidex CMS Webhook SSRF Vulnerability Analysis
github.com · 2026-01-28

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Server-Side Request Forgery (SSRF) - **Location**: Squidex CMS (Squidex) (C#) - Webhook Configuration - **Affected Versio…

CVE-2026-24767 Blind SSRF via Unvalidated HEAD Request
github.com · 2026-01-29

Key vulnerability information extracted from the web screenshot: - **Vulnerability Type**: Blind SSRF (Server-Side Request Forgery). - **Root Cause**: Unvalidated HEAD request. - **Affected Versions**…

Keycloak Blind SSRF via CIBA Backchannel (CVE-2026-1518)
bugzilla.redhat.com · 2026-02-02

# Critical Vulnerability Information - **Bug ID:** 2433727 (CVE-2026-1518) - **Vulnerability Name:** keycloak: Blind Server-Side Request Forgery (SSRF) via CIBA Backchannel Notification Endpoint in Ke…

YetiShare v5.1.0 SSRF Vulnerability Leading to Local File Read
www.exploit-db.com · 2026-01-27

## Key Information - **EDB-ID**: 49534 - **CVE**: N/A - **Author**: NUMAN TÜRLE - **Type**: WEBAPPS - **Platform**: PHP - **Date**: 2021-02-08 - **Vulnerable App**: YetiShare File Hosting Script 5.1.0…

Backstage SSRF Vulnerability (CVE-2026-24048) in @backstage/backend-defaults
github.com · 2026-01-27

## Critical Vulnerability Information ### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **CVE ID**: CVE-2026-24048 - **Information Source**: GitHub Security Adv…

SSRF Vulnerability in sigstore/rekor (CVE-2026-24117)
github.com · 2026-01-27

## Server-Side Request Forgery (SSRF) via provided public key URL ### Affected Package - **Package**: github.com/sigstore/rekor (Go) - **Affected Versions**: <= 1.4.3 - **Patched Versions**: 1.5.0 ###…

Skipper ExternalName SSRF Leading to Internal Service Exposure (GHSA-mxxc-p822-2hx9)
github.com · 2026-01-27

## Key Information - **Vulnerability Name:** dataclient/kubernetes ExternalName SSRF Leading to Internal Service Exposure - **Publisher:** szeucs - **Vulnerability ID:** GHSA-mxxc-p822-2hx9 - **Releas…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.