Security Intel Hub 477 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

PHP Excel Library Absolute Path Traversal and SSRF Vulnerability Analysis
github.com · 2024-10-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Type**: Absolute Path Traversal and Server-Side…

Apache Batik/FOP/XML Graphics Commons SSRF/XXE/Deserialization Vulnerabilities Summary (CVE-2022-44729 etc.)
xmlgraphics.apache.org · 2024-10-10

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. **Apache Batik Project - Apache Batik Security**: - Batik 1.17: SSRF vulnerability CVE-2022-44729 …

Ivanti Avalanche 6.4.5 Security Advisory: SSRF/Path Traversal Vulnerabilities (CVE-2024-47008/47011/47010)
forums.ivanti.com · 2024-10-10

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Ivanti Avalanche 6.4.5 Security Advisory (Multiple CVE's) 2. **Vulnerability Descr…

LiteLLM CVE-2024-6587 SSRF Vulnerability Leads to OpenAI API Key Leakage
huntr.com · 2024-09-15

From this webpage screenshot, the following key information about the vulnerability can be extracted: 1. **Vulnerability Description**: - Users can specify the `api_base` parameter to send requests to…

SeaCMS v13.1 SSRF Vulnerability in admin_reslib.php
github.com · 2024-09-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Type**: SeaCMS v13.1 Server-Side Request Forger…

Axios SSRF Vulnerability (CVE-2024-39338) Analysis and PoC
jeffhacks.com · 2024-08-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Server-Side Request Forgery Vulnerability (CVE-2024-39338) 2. **Affected…

Journeyx jtime Unauthenticated XXE Vulnerability (SSRF/File Read)
korelogic.com · 2024-08-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Affected Vendor and Product**: - Vendor: Journeyx - Product: Journeyx (jtime) - Version: 11.5.…

Microsoft Copilot Studio SSRF Information Disclosure Vulnerability (CVE-2024-38206)
msrc.microsoft.com · 2024-08-10

### Vulnerability Information #### Vulnerability Description - **CVE Number**: CVE-2024-38206 - **Vulnerability Type**: Information Disclosure - **Severity**: Critical - **Release Date**: August 6, 20…

WAHA Media Conversion Endpoint Authenticated SSRF Vulnerability Analysis
github.com · 2026-04-25

# WAHA Authentication SSRF Vulnerability Summary ## Vulnerability Overview The WAHA media conversion endpoint accepts user-supplied file URLs and fetches them server-side. The input URL is passed via …

WordPress Stop Spammer Plugin Vulnerability Analysis: Nonce, Input Sanitization, XSS
plugins.trac.wordpress.org · 2026-01-28

### Key Information - **Version**: 2026 - **Vulnerability Types**: - **Unverified nonce**: `NonceVerification.Missing` found in multiple files, such as `classes/ss_addtolist.php` and `classes/ss_chall…

GitLab Patch Release: SSRF, XSS, DoS, Auth Bypass Fixes
about.gitlab.com · 2026-02-11

### Key Information #### GitLab Patch Release: 18.8.4, 18.7.4, 18.6.6 - **Date:** Feb 10, 2024 - **Publisher:** Félix Veillette-Potvin #### Security Fixes | Title | Severity | | --- | --- | | Incomple…

Red Hat JBoss EAP 7.1 Security Advisory: Deserialization, SQLi, SSRF Fixes
access.redhat.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Type/Severity**: Important - **Affected Product**: Red Hat JBoss Enterprise Application Platform 7.1 on RHEL 7 - **Release Date**…

Red Hat JBoss EAP 7.1 Security Advisory RHSA-2024:10208: Multiple CVEs (RCE, SSRF, DoS)
access.redhat.com · 2024-11-27

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID**: RHSA-2024:10208 2. **Release Date**: November 25, 2024 3. **Update Date**: November …

SolarWinds Observability & Third-party CVEs: Open Redirect, XSS, Jetty Info Disc, Logback ELI/SSRF
documentation.solarwinds.com · 2025-11-18

### Critical Vulnerability Information #### SolarWinds CVEs | CVE-ID | Vulnerability Title | Description | Severity | Credit | |--------|--------------------|-------------|----------|--------| | CVE-2…

OX App Suite Security Advisory: SSRF, Code Injection, and Auth Bypass Vulnerabilities
seclists.org · 2025-11-11

## Critical Vulnerability Information - **Vulnerability Overview:** - This email contains multiple vulnerability descriptions related to OXAAS-ADV-2023-0002: OX App Suite Security Advisory. - **Main V…

Ubuntu Oxide Browser Security Update: UAF, SOP Bypass, SSRF (CVE-2015-1209/1210/1212)
www.ubuntu.com · 2025-11-07

### Key Information Summary #### Vulnerability Overview - **Release Date**: February 10, 2015 - **Overview**: Multiple security issues were fixed in Oxide. - **Affected Versions**: 14.10, 14.04 LTS ##…

Zimbra Collaboration 9.0.0 Patch 41 Security Bulletin: RCE, SSRF, XSS Fixes (CVE-2024-45513, CVE-2024-45519)
wiki.zimbra.com · 2024-10-24

From this webpage screenshot, the following key information about vulnerabilities can be obtained: 1. **Security Fixes**: - **CVE-2024-45513**: Fixed a stored XSS vulnerability in the `contacts/print`…

Azure Datastrix Privilege Escalation via SSRF (CVE-2026-33107) Advisory
msrc.microsoft.com · 2026-04-03

# Azure Datastrix Elevation of Privilege Vulnerability (CVE-2026-33107) ## Vulnerability Overview * **Vulnerability Name**: Azure Datastrix Elevation of Privilege Vulnerability * **CVE ID**: CVE-2026-33107 * **Release Date**: April 2, 2026 * **Severity**: Critical * **CVSS Score**…

aiohttp fix: drop malicious Host/Origin headers on redirect to prevent SSRF
github.com · 2026-04-02

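### Vulnerability Overview This commit fixes a security vulnerability in the **aiohttp** library: when the client follows a redirect to an external absolute URL, the original `Host` and `Origin` request headers were preserved and sent to the new target, which could lead to **Host header injection** or **SSRF (server-side request forgery)** attacks. An attacker could exploit this behavior to deceive backend services and bypass security checks. ### Scope of Impact - **Project**: …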

aiohttp Static Resource Handler NTLMv2 Credential Theft via SSRF (CVE-2026-34115)
github.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** * **Title**: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows * **Description**: On Windows sy…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.