Security Intel Hub 478 · Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

EspoCRM <9.3.2 Attachment SSRF via DNS Rebinding
github.com · 2026-04-18

# SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) achieved through DNS …

Chamilo LMS Unauthenticated SSRF and Open Email Relay Vulnerability
github.com · 2026-04-18

# Vulnerability Summary ## Overview - **Vulnerability Name**: Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action (<=2.0-RC.2) - **Vulnerability Types**: - Server-Side Re…

Chamilo LMS PENS Plugin Unauthenticated SSRF Vulnerability (CVE-2026-34160)
github.com · 2026-04-18

# Vulnerability Summary: Chamilo LMS PENS Plugin SSRF Vulnerability ## Overview The PENS (Package Exchange Notification Services) plugin in Chamilo LMS version 2.x contains an unauthenticated Server-S…

Fit2Cloud Sandbox SSRF Vulnerability Fix: connect/sendto/sendmsg Hooks
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Vulnerability Description**: In the sandbox environment, security restrictions can be…

Tiny File Manager v2.0 SSRF Vulnerability Analysis and POC
drive.google.com · 2026-04-18

# Tiny File Manager v2.0 SSRF Vulnerability Summary ## Vulnerability Overview The URL file upload feature in Tiny File Manager v2.0 contains a Server-Side Request Forgery (SSRF) vulnerability. When au…

CraftQL Plugin SSRF Vulnerability Analysis (Craft CMS)
github.com · 2026-04-18

# CraftQL SSRF Vulnerability Summary ## Vulnerability Overview CraftQL is a GraphQL plugin for Craft CMS. This plugin contains a **Server-Side Request Forgery (SSRF)** vulnerability when processing re…

Blind SSRF in Image Edit Functionality (CVE-2026-3425)
github.com · 2026-04-18

# Vulnerability Summary: Blind Server Side Request Forgery in Image Edit Functionality ## Overview This is a blind Server-Side Request Forgery (Blind SSRF) vulnerability present in the functionality t…

NocoBase SSRF Vulnerability (CVE-2025-40346) Analysis and Fix
github.com · 2026-04-18

# SSRF in Workflow HTTP Request and Custom Request Plugins (CWE-918) ## Vulnerability Overview The Workflow HTTP Request plugin and Custom Request Action plugin of NocoBase allow the server to initiat…

NocoBase plugin-workflow-request SSRF Vulnerability Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves the server-side HTTP request sending logic in the `plugin-workflow-request` plugin of the `nocobase` project. Due to the lack of securit…

Authenticated SSRF in Jellyfin Server URL Verification (CWE-918) with POC
github.com · 2026-04-18

# Vulnerability Summary: Authenticated Server-Side Request Forgery (SSRF) via Jellyfin Server URL Verification ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - …

Plex/Jellyfin SSRF Vulnerability Fix and Protection Configuration Guide
github.com · 2026-04-18

# Vulnerability Summary ## Overview This commit fixes a **Server-Side Request Forgery (SSRF)** vulnerability. * **Affected Components**: Plex server and Jellyfin server. * **Vulnerability Principle**:…

Jellyfin SSRF Arbitrary File Read via ffmpeg Injection (CVE-2026-9333)
github.com · 2026-04-18

# Vulnerability Summary: Jellyfin SSRF + Arbitrary File Read ## Overview Jellyfin has an unauthenticated remote arbitrary file read vulnerability (SSRF), achieved via `ffmpeg` parameter injection. An …

Jellyfin LiveTV M3U Tuner SSRF and Arbitrary File Read Vulnerability (CVE-2026-35032)
github.com · 2026-04-18

# Jellyfin Potential SSRF + Arbitrary File Read Vulnerability (LiveTV M3U Tuner) ## Vulnerability Overview The LiveTV M3U tuner endpoint of Jellyfin (`POST /LiveTv/Tuners/IsAllowed`) does not validate…

UsersWP <=1.2.58 Authenticated SSRF via uwp_crop Parameter
www.wordfence.com · 2026-04-13

### Vulnerability Overview - **Vulnerability Name**: UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter - **Description**: The UsersWP plugin is used …

Weblate SSRF Vulnerability Analysis and Fix Guide
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves an issue with the use of the `fetch_url` function in the Weblate project. The `fetch_url` function does not adequately validate the targ…

Krayin CRM SSRF Vulnerability (CVE-2026-38527) Analysis and Fix
github.com · 2026-04-18

# CVE-2026-38527 Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Krayin CRM Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-2026-38527 * **CVSS Score**: 8.6 (High) * **A…

craftql SSRF Vulnerability Report and PoC
github.com · 2026-04-18

# craftql_ssrf Vulnerability Report ## Vulnerability Overview This is a vulnerability report on `craftql_ssrf`, including code analysis, proof of concept (PoC), and reproduction steps. ## Impact Scope…

api-lab-mcp SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF, CWE-918). * **Description**: The `api-lab-mcp` project contains an SSRF vulnerability within the MCP/HTTP tool h…

SSRF Vulnerability in api-lab-mcp (CVE-918) with POC
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Description**: An SSRF vulnerability was discovered in the MCP tools (`anal…

web3.py SSRF via CCIP Read (CVE-2024-40772) Analysis and Fix
github.com · 2026-04-10

# Vulnerability Summary: web3.py SSRF via CCIP Read (EIP-3668) ## 1. Vulnerability Overview The `web3.py` library contains a Server-Side Request Forgery (SSRF) vulnerability in its implementation of t…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.