
Security Intel Hub 583 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host · Advisory · nezhahq/nezha · GitHub
github.com · 2026-06-13

### Vulnerability Overview **Title**: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host **Description**: This vulnerability allows authenticated Nebula dashboard users…

Squidex CVE-2025-41170 Admin-Only SSRF in Backup Restore Endpoint
github.com · 2026-04-23

# SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affe…

Premium intel
CVSS 8.5
SSRF in SillyTavern Search Proxy via Unvalidated baseUrl
github.com · 2026-05-30

### Vulnerability Overview **Vulnerability Name**: SSRF in SearXNG Search Proxy via Unvalidated baseUrl **Description**: SillyTavern 1.17.0 exposes an `/api/search/searxng` endpoint that accepts an at…

Incomplete fix for CVE-2026-32812: SSRF in admidio · Advisory · Admidio/admidio · GitHub
github.com · 2026-05-07

# Vulnerability Summary: CVE-2026-32812 (SSRF in admidio) ## Vulnerability Overview The `fetch_metadata.php` file in Admidio contains an incomplete SSRF fix. Although the code resolves the IP address …

CVSS 7.3
HyperChat AI Proxy Middleware SSRF Vulnerability (#142) with POC
github.com · 2026-04-28

### Vulnerability Overview **Vulnerability Name**: Server-Side Request Forgery (SSRF) Vulnerability in AI Proxy Middleware of HyperChat **Vulnerability ID**: #142 **Vulnerability Type**: SSRF (Server-…

CVSS 5.0
WeasyPrint url_fetcher SSRF Vulnerability Analysis and Patch Details
github.com · 2026-05-29

### Vulnerability Overview This vulnerability involves the `url_fetcher` functionality within the WeasyPrint library, presenting a Server-Side Request Forgery (SSRF) risk. Attackers can craft maliciou…

Authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget · Advisory · apostrophecms/apostro
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: Authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget **Description**: ApostropheCMS contains an authenticated Server…

Squidex SSRF via Jint Scripting Engine HTTP Functions
github.com · 2026-04-23

# SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient ## Vulnerability Overview There is a Server-Side Request Forgery (SSRF) vulnerability in Squidex. Th…

SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) · Advisory · open-webui/open-webui · GitHub
github.com · 2026-05-22

# SSRF via OAuth Profile Picture URL in `_process_picture_url` (oauth.py) ## Vulnerability Overview The `_process_picture_url` function in the Open WebUI backend code `open_webui/utils/oauth.py` conta…

CVSS 6.3
Toonflow v1.1.1 SSRF Vulnerability Leading to Internal Credential Leakage
github.com · 2026-04-27

# Vulnerability Summary: SSRF in Toonflow v1.1.1 Leads to Internal Credential Leakage ## 1. Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Toonflow v1.1.1 * **V…

CVSS 7.7
SSRF Fix: Enforcing Hostname and Port Matching for Same-Origin Requests
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: By improving the SSRF protection mechanism, it is enforced that same-origin requests…

CVSS 7.7
CVE-2025-4750 Koel SSRF via Podcast Enclosure URL with Exploit POC
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: SSRF via Podcast Episode Enclosure URLs **CVE ID**: CVE-2025-4750 **CVSS v3 Base Score**: 7.7 / 10 **Affected Versions**: ` value extracted from RSS …

[3.12] gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-1… · python/cpython@c887044 · GitHub
github.com · 2026-06-13

### Vulnerability Overview This vulnerability affects the `FTP.pasv()` function in Python's `ftplib` module. An attacker can use a malicious FTP server to redirect the target server's data connection …

CVSS 6.3
Hunyuan3D Arbitrary File Read and SSRF Vulnerabilities with PoC and Fixes
github.com · 2026-06-03

### Vulnerability Overview Two security vulnerabilities were identified in the Hunyuan3D integration: 1. **Arbitrary File Read**: The `generate_hunyuan3d_model` function accepts a local file path as t…

CVSS 8.2
open-webSearch fetchWebContent SSRF Vulnerability Analysis (CVE-style)
github.com · 2026-05-22

# Vulnerability Summary: open-webSearch `fetchWebContent` MCP Tool SSRF Vulnerability ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `fetchWebContent` MCP t…

CVSS 6.3
XXL-JOB <= 3.3.2 Low-Privilege SSRF Vulnerability Analysis
github.com · 2026-04-29

# XXL-JOB SSRF Vulnerability Summary (Issue #3935) ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `/jobinfo/trigger` endpoint of `xxl-job-admin`. * **Trigge…

CVSS 7.3
SourceCoder SEO Meta Tag Extractor 1.0 SSRF Vulnerability Advisory and Fix
hackmd.io · 2026-06-02

### Vulnerability Overview **Vulnerability Name**: SourceCoder SEO Meta Tag Extractor 1.0 - Server-Side Request Forgery via URL Parameter **Vulnerability Type**: Server-Side Request Forgery (SSRF) (CW…

CVSS 7.3
xhs-mcp SSRF and Path Traversal Vulnerability Analysis with POC
github.com · 2026-04-30

# SSRF and Path Traversal Vulnerability Summary (xhs-mcp) ## 1. Vulnerability Overview * **Vulnerable Component**: The `xhs_publish_content` tool in the `xhs-mcp` project. * **Vulnerability Types**: *…

CVSS 6.3
JeecgBoot SSRF Vulnerability Analysis: /sys/common/uploadImgByHttp Endpoint
github.com · 2026-05-02

# Vulnerability Summary: Direct SSRF Vulnerability in JeecgBoot ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadImgByHttp` interfac…

CVSS 5.0
SSRF in web_fetch due to unvalidated redirects, patch and PoC
github.com · 2026-06-02

### Vulnerability Overview This vulnerability involves a security issue in the `web_fetch` tool when handling redirects. Specifically, the initial URL is validated before fetching, but automatic redir…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
