Security Intel Hub 478 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Jenkins Plugin Security Advisory: XSS, SSRF, and Privilege Escalation Vulnerabilities
www.jenkins.io · 2024-11-17

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. **Vulnerability Descriptions**: - **Script Security Plugin**: The plugin does not perform perm…

Jenkins Plugin Security Advisory: XSS, SSRF, Privilege Escalation (SECURITY-2954, SECURITY-3010, etc.)
www.jenkins.io · 2024-11-17

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Description**: - **Script Security Plugin Missing permission check vulnerability**: Script…

Zimbra Joule 8.8.15 Patch 46 Security Bulletin: SSRF, RCE, XSS Fixes (CVE-2024-45519)
wiki.zimbra.com · 2024-10-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Security Fixes**: - **CVE-2024-45519**: Fixed a security vulnerability in the postjournal serv…

no_proxy bypass via IP alias allows SSRF · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# axios Security Vulnerability Summary ## Vulnerability Overview **Title**: no_proxy bypass via IP alias allows SSRF **CVE ID**: CVE-2026-42538 **Severity**: Moderate (CVSS v3 base metrics: 6.8 / 10) …

HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass ## Vulnerability Overview The `HTMLHeaderTextSplitter.split_text_from_url()` method validates the initial URL but then uses `requests.…

Image token counting SSRF protection can be bypassed via DNS rebinding · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# langchain-openai SSRF Vulnerability Summary ## Overview The `_url_to_size()` helper function in langchain-openai contains an SSRF (Server-Side Request Forgery) vulnerability when used to calculate i…

Flowise SSRF Protection Bypass via TOCTOU and Default Insecure Config
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: SSRF Protection Bypass (TOCTOU & Default Insecure) - **Vulnerability Type**: Server-Side Request Forgery (SSRF) Protection Bypass - **Vulnerability…

FlowiseAI SSRF Bypass via Unprotected Node.js Built-in Modules in Custom Function Sandbox
github.com · 2026-04-24

# SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox ## Vulnerability Overview A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the C…

CVE-2026-33039: AVideo LiveLinks SSRF via DNS Rebinding Bypass
github.com · 2026-04-22

# CVE-2026-33039: SSRF Vulnerability in AVideo ## Vulnerability Overview The LiveLinks proxy plugin in AVideo has an incomplete SSRF fix. Although the `isSSRFsafeURL()` validation was added, a DNS TOC…

AVideo/WVPN SSRF Bypass via DNS Rebinding and Fix Analysis
github.com · 2026-04-22

# Vulnerability Summary: Enhanced SSRF Protection ## Vulnerability Overview This commit fixes insufficient SSRF (Server-Side Request Forgery) protection in the WVPN/AVideo project. The main issue was …

AVideo SSRF via Same-Domain Hostname Bypass (CVE-2024-41060)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: SSRF via same-domain hostname with alternate port bypasses isSSRFsafeURL - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerabi…

AgentScope SSRF Vulnerability: Multimodal Content Processing Leads to Cloud Credential Exfiltration
gist.github.com · 2026-04-20

# Vulnerability Summary: AgentScope SSRF Vulnerability ## Overview **Title**: Full (Non-Blind) SSRF via Multimodal Content Block Formatter Enables Direct Data Exfiltration **Description**: AgentScope’…

Blind SSRF Bypass in Dify <= v1.13.3 via OpenAI Plugin Schema Parser
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Blind Server-Side Request Forgery (SSRF) Bypass via OpenAI Plugin Manifest Parsing **Description**: A blind Server-Side Request Forgery (SSRF) vulnerability exist…

EspoCRM Authenticated SSRF via IPv4 Notation Bypass (CVE-2024-XXXX)
github.com · 2026-04-18

# Vulnerability Summary: Authenticated SSRF via Internal-Host Validation Bypass Using Alternative IPv4 Notation ## Overview There is an authenticated Server-Side Request Forgery (SSRF) vulnerability i…

EspoCRM SSRF Vulnerability Fix and Bypass Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves bypassing hostname resolution in `curl` requests. An attacker can construct specific URLs to bypass internal host checks and access inte…

VoiceServer SSRF and Rate Limit Bypass Vulnerability Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves security issues related to **SSRF (Server-Side Request Forgery)** and **rate limit bypass**. Specifically, VoiceServer has the following…

MaxKB Sandbox Network Hook Bypass Leading to SSRF
github.com · 2026-04-18

# SSRF via sandbox network hook bypass ## Vulnerability Overview The sandbox network protection in MaxKB can be bypassed by using `socket.sendto()` with the `MSG_FASTOPEN` flag. This allows authentica…

Axios SSRF Vulnerability: no_proxy Bypass via Hostname Normalization Flaw
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in the Axios library. This vulnerability stems from a flaw in the hostname normalization …

laravel-html-meta SSRF Bypass via Link Update (CVE-2020-33953) POC and Fix
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** * **Name**: SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection * **CVE**: CVE-2020-33953 (Bypass) * **Description**…

OpenObserve SSRF Bypass via IPv6 Loopback Validation Flaw
github.com · 2026-04-08

### Vulnerability Overview The `validate_enrichment_url` function in the OpenObserve project contains a Server-Side Request Forgery (SSRF) vulnerability. * **Root Cause**: The Rust `url` crate, when p…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
