
Security Intel Hub 478— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Saleor Security Configuration Guide: SSRF Protection, File Upload Restrictions, and XSS Sanitization
docs.saleor.io · 2026-01-27

## Critical Vulnerability Information - **HTTP Redirects and Timeouts** - Saleor disables HTTP redirects for outgoing connections by default and enforces strict timeout values (typically <20s). - This…

lucy-xss-filter SSRF and Java Info Disclosure Vulnerability Analysis
github.com · 2026-01-20

### Critical Vulnerability Information #### Vulnerability Type - **SSRF (Server-Side Request Forgery)** - **Java Server-Side Java Console Information Disclosure** #### Vulnerability Trigger Conditions…

Sonatype Nexus Repository 3.88.0 Security Update: CVE-2026-0601 XSS Fix & SSRF Mitigation
help.sonatype.com · 2026-01-20

### Critical Vulnerability Information #### Known Issues - **NuGet Search Issue**: In Sonatype Nexus Repository 3.88.0, NuGet client search requests may fail when the application runs on an embedded H…

XunRuiCMS <=4.7.1 Domain Binding SSRF Leading to Remote XSS
vuldb.com · 2025-12-05

**Vulnerability Details:** - **Title:** Sichuan Xunrui Cloud Software Development Co., Ltd xunruicms <=4.7.1 URL redirection causing remote XSS - **Description:** In the backend of the xunruicms frame…

Red Hat JBoss EAP 8.0.2 Security Update: SSRF/Credential Leak Fixes (CVE-2024-1233, CVE-2024-1102)
access.redhat.com · 2025-11-14

### Key Vulnerability Information #### Synopsis - **Severity**: Moderate - Update for Red Hat JBoss Enterprise Application Platform 8.0.2 Security Update #### Vulnerabilities Addressed - **CVE-2023-45…

Lichess Game Export API SSRF Vulnerability Analysis
hackerone.com · 2025-11-14

### Key Information #### Vulnerability Type - **Server-Side Request Forgery (SSRF) via Game Export API** #### Discoverer - **oblivionsage** #### Report Submission Time - **May 28, 2025, 9:36am UTC** #…

CVE-2025-12520: WP Airbnb Review Slider SSRF to Stored XSS Vulnerability Analysis
cyberresearchhub.com · 2025-11-09

## CVE-2025-12520 - SSRF to XSS ### Affected Component - **Plugin:** WP Airbnb Review Slider - **Affected versions:** < 4.3 - **Vulnerable behavior:** - URL input is validated only by `FILTER_VALIDATE…

CVE-2022-1722: SSRF in jgraph/drawio via IPv6 link-local address bypass
huntr.dev · 2025-11-09

### Critical Vulnerability Information - **Vulnerability Name**: SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio - **CVE ID**: CVE-2022-1722 - **Vulnerability Type**: Server-Side R…

OX App Suite Vulnerability Advisory: SSRF, XSS, Info Disclosure (CVE-2019-14225/14226/14227)
seclists.org · 2025-11-09

- **Product**: OX App Suite - **Vendor**: OX Software GmbH - **Vulnerabilities**: - **Server-Side Request Forgery (CWE-918)**: - **Details**: Vulnerability in the iCal event subscription mechanism. - …

LocalStack 0.12.6 OS Command Injection, SSRF, and XSS Vulnerabilities Analysis (CVE-2021-32090/32091)
blog.sonarsource.com · 2025-11-09

### Key Information about the LocalStack Vulnerabilities #### Overview - **Article Title**: Hack the Stack with LocalStack: Code Vulnerabilities Explained - **Author**: Dennis Brinkrolf (Security Rese…

WSO2 SSRF and Reflected XSS Vulnerability (CVE-2025-5350) Advisory
security.docs.wso2.com · 2025-10-24

### Key Information #### Vulnerability Overview - **Vulnerability ID**: WSO2-2025-4124/CVE-2025-5350 - **Release Date**: 2025-10-24 - **Update Date**: 2025-10-24 - **Version**: 1.0.0 - **Severity**: M…

Nagios XI <5.6.11 Unauthenticated XSS and SSRF via Highcharts (CVE-2020-36862)
www.vulncheck.com · 2025-10-31

### Key Information - **Vulnerability Title**: Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts - **Severity**: MEDIUM - **Date**: October 30, 2025 - **Affected Versions**: XI < 5.6.11 -…

SSRF Vulnerability in File Conversion API (CVSS 7.5) with PoC
github.com · 2025-08-13

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected Versions**: All versions - **Fixed Version**: 1.1.0 - **Severity**: High (CVSS…

SSRF Bypass in npm private-ip package due to missing multicast IP range
gist.github.com · 2025-07-26

### Key Information #### Vulnerability Description - **Vulnerability Type**: SSRF Bypass in private-ip - **Affected Package**: `private-ip` is an npm package used to check whether an IP address is a p…

Red Hat JBoss EAP 7.3 Security Update Advisory (CVEs: SSRF, DoS, Memory Exhaustion)
access.redhat.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Type/Severity**: Important - **Subject**: Red Hat JBoss Enterprise Application Platform 7.3.14 security update, addressing multip…

WordPress WPThumb Plugin SSRF Vulnerability Advisory
patchstack.com · 2025-07-06

### Key Information - **Vulnerability Name**: WordPress WPThumb Plugin <= 0.10 is vulnerable to Server Side Request Forgery (SSRF) - **Priority**: Low priority - **Affected Versions**: <= 0.10 - **Off…

SSRF Vulnerability in improbable-eng/github-script Action (CVSS 8.1)
gitlab.com · 2025-07-06

### Key Information Summary #### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected Scope**: Users of GitHub Actions utilizing the `improbable-eng/github-…

a-blog cms Vulnerability Advisory: SSRF, Path Traversal, XSS (CVE-2025-27566, CVE-2025-32999, CVE-2025-36560, CVE-2025-4
jvn.jp · 2025-05-20

### Critical Vulnerability Information #### Vulnerability Overview - **CVE IDs**: CVE-2025-27566, CVE-2025-32999, CVE-2025-36560, CVE-2025-41429 - **Affected Product**: a-blog cms by appleple inc. - *…

WordPress Plugin external-image-replace 1.0.8 file_get_contents SSRF/RCE Analysis
plugins.trac.wordpress.org · 2025-05-07

### Critical Vulnerability Information - **File Path**: `external-image-replace/tags/1.0.8/class.php` - **Last Modified**: September 27, 2015 (7 years ago) - **File Size**: 5.1 KB #### Potential Vulne…

Backstage Scaffolder SSRF/SSTI Vulnerability Analysis (CVE-2024-53983)
github.com · 2024-12-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Server-side request forgery in Backstage Scaffolder plugin 2. **Vulnerab…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
