Security Intel Hub 478 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Tiny File Manager v2.6 SSRF via HTTP Redirect Bypass (CVE-2025-46651)
github.com · 2026-02-04

## Key Information Overview ### Vulnerability Summary - **CVE ID**: CVE-2025-46651 - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via HTTP Redirect Bypass - **Affected Version**: Tiny Fi…

WeasyPrint CVE-2025-68616 SSRF Protection Bypass via HTTP Redirect
github.com · 2026-01-20

## Vulnerability Key Information ### Vulnerability Overview - **Type**: Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect - **Severity**: High (7.5/10) - **CVE ID**: CVE-2025-6861…

Mailpit CVE-2026-23845 SSRF in HTML Check API via CSS Handler
github.com · 2026-01-20

### Vulnerability Summary - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via HTML Check API - **Severity**: Moderate (5.8/10) - **CVE ID**: CVE-2026-23845 - **Affected Versions**: ` tags…

Mastodon SSRF Protection Bypass Vulnerability (CVE-2026-22245)
github.com · 2026-01-20

### SSRF Protection Bypass Vulnerability in Mastodon #### Severity - **High** #### Package - Mastodon #### Affected Versions - < v4.2.29, < v4.3.17, < v4.4.11, < v4.5.4 #### Patched Versions - v4.2.29…

Deco apps SSRF Vulnerability in analyticsScript.ts Loader
vuldb.com · 2025-12-04

- **Title**: Deco deco-apps 0.114.12 - 0.120.1 Server-Side Request Forgery - **Description**: A Server-Side Request Forgery (SSRF) vulnerability exists in the analyticsScript.ts loader. The URL parame…

Pandoc --sandbox default behavior discussion and SSRF vulnerability analysis
github.com · 2025-11-25

- **Issue Title:** Make --sandbox default behavior #11261 - **Status:** Closed - **Key Information:** - **Issue Raised:** Due to the potential for SSRF (Server-Side Request Forgery) and other attacks …

ClipperCMS 1.3.3 SSRF Vulnerability in rss_url_news Parameter
github.com · 2025-11-19

From the provided web screenshot's Markdown document, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: - SSRF (Server-Side Request Forgery) vulnerabilit…

GitLab SSRF DNS Rebinding Protection Bypass via Outbound Requests Setting
gitlab.com · 2025-11-20

Here is the key vulnerability information extracted from the webpage screenshot: - **Vulnerability Title**: - `SSRF: DNS rebinding protection bypass when allowing an IP address in Outbound Requests se…

Zoom Security Bulletin: Multiple CVEs including RCE, SSRF, and Auth Bypass in Clients
zoom.us · 2025-11-19

- **ZSB-25045**: Zoom Workplace VDI Plugin macOS Universal Installer - Symlink Following - **Severity**: Medium - **CVE**: CVE-2025-30662 - **Date Published**: 11/11/2025 - **Date Updated**: 11/14/202…

CVE-2025-61925: Request Header Injection Leading to SSRF and Middleware Bypass
github.com · 2025-11-14

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2025-61925 - **Summary**: URL construction using unvalidated request headers `x-forwarded-proto` and `x-forwarded-p…

Grist v1.7.7 Security Advisory: Fetch URL SSRF and /compare Unauthorized Access Fix
github.com · 2025-11-14

### Key Vulnerability Information #### v1.7.7 Security Advisory - **Vulnerabilities Found**: Two vulnerabilities were identified in Grist through a private bug bounty program funded by DINUM (the Inte…

Typebot.io Webhook SSRF Bypasses IMDSv2 to Extract AWS IAM Credentials
github.com · 2025-11-14

### Key Information #### Vulnerability Description - **Type**: Server-Side Request Forgery (SSRF) - **Location**: Typebot.io's Webhook block (HTTP request component) functionality - **Impact**: Allows…

CVE-2025-64180: Manager Desktop/Server SSRF Bypass via TOCTOU
github.com · 2025-11-09

### Key Information #### Vulnerability Name Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU) Vulnerability #### Vulnerability ID CVE-2025-64180 #### Severity Critical #### CVS…

GLPI 10.0.3 SSRF Bypass for CVE-2022-36112 with PoC
huntr.dev · 2025-11-09

### Key Vulnerability Information - **Vulnerability Type:** CWE-918: Server-Side Request Forgery (SSRF) - **Severity:** Low (3.5) - **Affected Version:** 10.0.3 - **Status:** Fixed - **Found by:** w0r…

SSRF in tRPC endpoint allows internal resource access via unvalidated URLs
github.com · 2025-10-18

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: SSRF (Server-Side Request Forgery) - **Affected Versions**: 1.136.1 - **Fixed Version**: 1.136.2 - **Severity**: Low (CVS…

JeecgBoot v3.4.0 SSRF Vulnerability Analysis and Bypass Technique
github.com · 2025-10-20

### Key Information Summary #### 0x01 Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected Scope**: JeecgBoot v3.4.0 and earlier versions - **Description**:…

NPM IP Package v2.0.1 SSRF Bypass Vulnerability Analysis (CVE-2021-43859)
cosmosofcyberspace.github.io · 2025-09-17

### Critical Vulnerability Information #### Vulnerability Overview - **CVE ID**: CVE-2021-43859 - **Product**: NPM IP Package v2.0.1 - **Affected Versions**: 2.0.1 (v2.0.1 is Current Latest) - **Vulne…

Node.js SSRF Exploit: Cloud Metadata Access and Local File Read via Proxy
github.com · 2025-09-03

### Key Information #### Vulnerability Type - SSRF (Server-Side Request Forgery) #### Impact - Read cloud metadata to obtain credentials and take over cloud infrastructure. - Access internal systems. …

SSRF Vulnerability POC: Cloud Metadata Access and Internal Network Exploitation
github.com · 2025-09-03

### Key Information #### Vulnerability Type - SSRF (Server-Side Request Forgery) #### Impact - Read cloud metadata to obtain credentials, potentially leading to takeover of cloud infrastructure. - Acc…

CVE-2025-57814: SSRF Bypass in request-filtering-agent via HTTPS to 127.0.0.1
github.com · 2025-08-27

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SSRF Bypass via HTTPS Requests to 127.0.0.1 - **Affected Versions**: <2.0.0 - **Fixed Version**: 2.0.0 - **Severity**: High - …


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
