Security Intel Hub 478 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

request-filtering-agent SSRF: HTTPS bypasses 127.0.0.1 IP filtering
github.com · 2025-08-27

### Key Information #### Vulnerability Description - **Vulnerability Name**: request-filtering-agent 127.0.0.1 Vulnerability Test - **Affected Version**: v1.1.2 - **Fixed Version**: v2+ #### Issue Des…

SSRF Mitigation: URL Validation Fix Blocking Private IP Access
github.com · 2025-05-30

From this webpage screenshot, the following key vulnerability-related information can be obtained: - **Commit Information**: This is a commit named `0284aa8`, created by `zcaceres` 3 weeks ago. The co…

2FAuth CVE-2024-52598 SSRF via URI Validation Bypass
github.com · 2024-11-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Type**: SSRF + URI validation bypass - **Affect…

SSRF Analysis: fileUrl Parameter Bypass in /api/data/upload API Endpoint
github.com · 2024-11-03

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: SSRF (Server-Side Request Forgery) vulnerability. 2. **Affected Path**: …

Sharp/Toshiba MFP Vulnerability Advisory: Auth Bypass, OOB Read, SSRF
jvn.jp · 2024-10-26

### Key Information 1. **Affected Products**: - Multifunction Printers (MFPs) provided by Sharp and Toshiba Tec Corporation, containing multiple vulnerabilities. 2. **Vulnerability Descriptions**: - *…

LobeChat SSRF Bypass via Redirect (CVE-2024-32964)
github.com · 2024-09-24

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability ID**: CVE-2024-32964 2. **Vulnerability Name**: Insufficient fix for GHSA-mxhq-xw3g-rphc 3…

Lightdash SSRF Vulnerability (CVE-2024-6586) Leads to Session Takeover
www.cve.org · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID**: CVE-2024-6586 2. **Release Date**: 2024-08-30 3. **Update Date**: 2024-08-…

Lightdash SSRF Session Takeover via Dashboard Export
github.com · 2024-09-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Lightdash - Server-Side Request Forgery Session Takeover 2. **Vulnerabil…

DNS Rebinding Bypass SSRF Protection Vulnerability Analysis
github.com · 2024-09-07

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Name**: Bypass SSRF Protection with DNS Rebindi…

SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

FlowiseAI APIChain SSRF Vulnerability (CVE-2024-41271) Analysis and PoC
github.com · 2026-04-24

# FlowiseAI <= 2.2.1 APIChain Prompt Injection SSRF Vulnerability Summary ## Vulnerability Overview The POST/GET API Chain component of FlowiseAI contains a Server-Side Request Forgery (SSRF) vulnerab…

OpenClaw Plivo Voice Callback SSRF Fix
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: `fix(voice-call): pin plivo callback origins` - **Vulnerability Description**: In the file `extensions/voice-call/src/providers/plivo.ts`, there is…

Kyverno apiCall SSRF Leading to ServiceAccount Token Leakage
github.com · 2026-04-24

# Kyverno ServiceAccount Token Leak Vulnerability Summary ## Vulnerability Overview Kyverno’s `apiCall` feature automatically attaches the admission controller’s ServiceAccount (SA) token to outbound …

SSRF Fix: Enforcing Hostname and Port Matching for Same-Origin Requests
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: By improving the SSRF protection mechanism, it is enforced that same-origin requests…

CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint
github.com · 2026-04-22

# CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint ## Vulnerability Overview - **Vulnerability Type**: Host Header Injection leading to SSRF (Server-Side Request Forgery) - **Affe…

Squidex CVE-2025-41170 Admin-Only SSRF in Backup Restore Endpoint
github.com · 2026-04-23

# SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affe…

Squidex SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-23

# Squidex SSRF Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerable Path**: `/api/apps/{app}/assets` - **Vulnerability Descriptio…

Squidex SSRF via Jint Scripting Engine HTTP Functions
github.com · 2026-04-23

# SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient ## Vulnerability Overview There is a Server-Side Request Forgery (SSRF) vulnerability in Squidex. Th…

Squidex Restore API Blind SSRF Vulnerability (CVE-2024-4177) Analysis and PoC
github.com · 2026-04-23

# Vulnerability Summary: Squidex Restore API Blind SSRF Vulnerability ## Overview * **Vulnerability Name**: Blind Server-Side Request Forgery (SSRF) in Restore API * **Vulnerability Type**: SSRF (Serv…

Wekan SSRF Vulnerability Fix: URL Protocol and Private IP Validation
github.com · 2026-04-23

# Vulnerability Summary ## Overview This commit fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the Wekan platform. An attacker can craft a malicious Webhook URL to cause the server t…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.