
Security Intel Hub 531 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Saleor HTTP Redirect/SSRF Protection and File Upload Restriction Configuration
docs.saleor.io · 2026-01-27

## Critical Vulnerability Information ### HTTP Redirects and Timeouts - Saleor disables outgoing HTTP redirects by default and enforces strict timeout values (typically <20s). - This design aims to pr…

CVSS 9.1
Squidex CMS Webhook SSRF Vulnerability Analysis
github.com · 2026-01-28

### Critical Vulnerability Information #### Vulnerability Overview - **Type**: Server-Side Request Forgery (SSRF) - **Location**: Squidex CMS (Squidex) (C#) - Webhook Configuration - **Affected Versio…

CVSS 6.3
OpenProject Blocknote Extension ID Manipulation SSRF/DoS (CVE-2026-24775)
github.com · 2026-01-29

### Key Information Summary #### Vulnerability Overview - **Title**: Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension - **Severity**: …

CVSS 4.9
CVE-2026-24767 Blind SSRF via Unvalidated HEAD Request
github.com · 2026-01-29

Key vulnerability information extracted from the web screenshot: - **Vulnerability Type**: Blind SSRF (Server-Side Request Forgery). - **Root Cause**: Unvalidated HEAD request. - **Affected Versions**…

CVSS 2.7
Keycloak Blind SSRF via CIBA Backchannel (CVE-2026-1518)
bugzilla.redhat.com · 2026-02-02

# Critical Vulnerability Information - **Bug ID:** 2433727 (CVE-2026-1518) - **Vulnerability Name:** keycloak: Blind Server-Side Request Forgery (SSRF) via CIBA Backchannel Notification Endpoint in Ke…

CVSS 4.7
ZenTao PMS Webhook Module SSRF Vulnerability Analysis
vuldb.com · 2026-02-05

### Critical Vulnerability Information **Title**: - **ZenTao PMS <=21.7.6-85642 SSRF** **Description**: - A Server-Side Request Forgery (SSRF) vulnerability exists in the Webhook module of ZenTao CMS.…

Group-Office WOPI Service SSRF and Local File Read Vulnerability (CVE-2026-25511)
github.com · 2026-02-05

### Key Information #### Vulnerability Overview - **Vulnerability Name**: SSRF and File Read in WOPI service discovery - **Severity**: High (8.2/10) - **CVE ID**: CVE-2026-25511 - **Affected Versions*…

CVSS 4.7
ZenTao Webhook SSRF Arbitrary File Read Vulnerability
github.com · 2026-02-05

### Key Information #### Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) leading to arbitrary file read - **Severity**: High - **Affected Component**: Webhook modul…

CVSS 8.6
Pydantic AI SSRF Vulnerability Advisory and Fix Guide
github.com · 2026-02-07

### Key Information #### Summary - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affected Versions**: - `pydantic-ai`: >= 0.0.26 - `pydantic-ai-slim`: >= 0.0.26 - **Fixed Versions**: …

CVSS 5.3
Homarr Unauthenticated SSRF/Port-Scan via widget.app.ping (CVE-2026-25123)
github.com · 2026-02-07

## Critical Vulnerability Information ### Vulnerability Title Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping ### CVE ID CVE-2026-25123 ### Affected Versions = 1.52.0 ### Vulnerability …

CVSS 5.8
LangSmith SDK SSRF via Tracing Header Injection (CVE-2026-25528)
github.com · 2026-02-10

## Critical Vulnerability Information ### Vulnerability Description - **Vulnerability Type**: Server-Side Request Forgery (SSRF) via Tracing Header Injection - **CVE ID**: CVE-2026-25528 - **CVSS v3 B…

CVE-2026-25492: GraphQL SSRF Exfiltrates AWS Credentials
github.com · 2026-02-10

- **Vulnerability Details** - **Title:** save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host - **Affected Versions:** - `>= 5.0.0-RC1, = 3.5.0, <= 4.16.17…

CVSS 5.8
Faraday SSRF Vulnerability (CVE-2026-25765) Analysis and Fix
github.com · 2026-02-10

## Key Information Overview ### Vulnerability Details - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **CVE ID**: CVE-2026-25765 - **Severity**: Moderate (5.8/10) - **Affected Versions*…

CVSS 5.8
DoraCMS <=3.1 UEditor Remote Image Fetch SSRF Vulnerability (CVE-2026-25870)
www.vulncheck.com · 2026-02-11

- **Advisories:** DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF - **Severity:** Medium - **Date:** 2/10/2026 - **Affecting:** DoraCMS <= 3.1 - **References:** - CVE-2026-25870 - [GitHub Issue](https:…

CVSS 3.7
LangChain ChatOpenAI SSRF via image_url token counting
github.com · 2026-02-11

## SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages ### Affected Versions - langchain-core==0.3.81 ### Severity - Low (3.7 / 10) ### Summary The `ChatOpenAI.get_num_tokens_…

CVSS 5.8
DoraCMS 3.1 UEditor SSRF Vulnerability Analysis Report
github.com · 2026-02-11

## DoraCMS 3.1 Security Report SSRF (Responsible Disclosure) ### Report Title SSRF via UEditor Remote Image Fetch (catcher/catchImage) ### Product DoraCMS 3.1 ### Date 2026-02-10 ### Scope Source-code…

CVSS 4.3
SPIP <4.4.9 Blind SSRF Vulnerability (CVE-2026-27472)
www.vulncheck.com · 2026-02-21

- **Title**: SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites - **Severity**: Medium - **Date**: 2026-02-19 - **CVE ID**: CVE-2026-27472 - **CVSS V4 Base Score**: 4.4 - **CVSS V4 Ve…

Rocket TRUfusion Enterprise Pre-Auth SSRF Vulnerability (CVE-2025-32355)
www.rcesecurity.com · 2026-02-21

From the screenshot, the following key information about the vulnerability can be obtained: ### Key Information - **Product:** TRUfusion Enterprise - **Vendor URL:** https://www.rocketsoftware.com/en-…

CVSS 7.1
NetApp StorageGRID SSRF Vulnerability Advisory (CVE-2026-22048)
security.netapp.com · 2026-02-21

- **Vulnerability ID**: CVE-2026-22048 - **Advisory ID**: NTAP-20260217-0001 - **Affected Product**: StorageGRID (formerly StorageGRID Webscale) - **Vulnerable Versions**: Prior to 11.9.0.12 and 12.0.…

CVSS 5.6
worldquant-miner v1.0.9 SSRF Vulnerability in /console/api/remote-files
github.com · 2026-02-21

## Key Information - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affected Version**: worldquant-miner v1.0.9 - **Vulnerable Endpoint**: `/console/api/remote-files` - **Vulnerability…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
