Security Intel Hub 531— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.3
SSRF Vulnerability in Psi Probe <=5.3.0 via Whois Lookup
github.com · 2026-02-27

### Server-Side Request Forgery (SSRF) in Psi Probe #### Affected Environment - **Project**: Psi Probe - **Repository**: https://github.com/psi-probe/psi-probe - **Affected Version**: (via WhoisContro…

CVSS 8.2
Gradio SSRF via Malicious proxy_url Injection in gr.load() (CVE-2026-28416)
github.com · 2026-02-28

### Vulnerability Information - **Vulnerability Name**: SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing - **Severity**: High - **CVE ID**: CVE-2026-28416 - **Affected Version…

CVSS 5.0
Jeesite XXE Vulnerability (CWE-611): Unfiltered logoutRequest Causes SSRF
www.yuque.com · 2026-03-02

## Jeesite XXE Vulnerability Report (CWE-611) ### 1. Description Jeesite contains an XXE vulnerability. The user-controlled `logoutRequest` XML is parsed without adequate XXE protections, enabling att…

CVSS 9.8
Sim Studio AI MongoDB SSRF and Arbitrary Document Deletion (CVE-2026-3431)
www.tenable.com · 2026-03-02

## Key Vulnerability Information ### Vulnerability Overview - **Name**: Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion - **Rating**: Critical ### Vulnerability Details - **CVE ID**: CVE-…

CVSS 5.3
Chamilo LMS CVE-2024-50337 Unauthenticated Blind SSRF via OpenID
github.com · 2026-03-03

### Key Vulnerability Information #### Vulnerability Name Potential unauthenticated blind SSRF via openid function #### Vulnerability Severity - Severity Level: Moderate - CVSS v3 Base Metrics: 5.3 / …

CVSS 5.3
GLPI Unauthenticated SSRF Fix: OpenID Provider Whitelisting
github.com · 2026-03-03

- **Vulnerability Type**: - Fixed a potential "unauthenticated covert SSRF (Server-Side Request Forgery)" vul…

CrewAI Framework Multiple Vulnerabilities Summary (RCE/SSRF/File Read)
www.kb.cert.org · 2026-04-02

# Vulnerability Summary: CrewAI Multiple Vulnerabilities (VU#221883) ## Vulnerability Overview This advisory identifies four critical security vulnerabilities within the CrewAI framework, including Re…

CVSS 5.0
OpenStack Glance SSRF Fix: SafeRedirectHandler & IP Normalization
security.openstack.org · 2026-04-02

### Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the OpenStack Glance image import functionality. Attackers can bypass URL validation checks by utilizing HTTP re…

CVSS 6.1
Cisco Nexus Dashboard SSRF Vulnerability Summary
sec.cloudapps.cisco.com · 2026-04-02

# Cisco Nexus Dashboard SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability * **…

Kyverno CEL HTTP SSRF Vulnerability (CVE-2026-4789) Analysis and Mitigation
kb.cert.org · 2026-04-02

# Kyverno SSRF Vulnerability (VU#655822) ## Vulnerability Overview Kyverno versions 1.16.0 and later contain a Server-Side Request Forgery (SSRF) vulnerability in their CEL expression HTTP functions (…

CVSS 6.5
AVideo CVE-2024-34740 Stored SSRF via EPG Link
github.com · 2026-04-02

## Vulnerability Overview **Vulnerability Name**: Stored SSRF via Video EPG Link Missing isSSRSafeURL() Validation **CVE ID**: CVE-2024-34740 **Severity**: 6.5/10 (Medium) **Weakness**: CWE-918 (Serve…

CVSS 4.0
Tautulli Unauthenticated SSRF in pms_image_proxy (CVE-2024-31104)
github.com · 2026-04-02

## Vulnerability Overview **Tautulli pms_image_proxy Unauthenticated SSRF Vulnerability** Tautulli's `/pms_image_proxy` endpoint accepts a user-supplied `img` parameter and forwards it to Plex Media S…

CVSS 10.0
Unauthenticated SSRF in GoJSF httpTools Endpoint Leading to API Key Theft
github.com · 2026-04-02

1. **Vulnerability Overview:** * **Title:** Unauthenticated SSRF via httpTools Endpoint Leads to Intern…

CVSS 7.6
InvoiceShelf SSRF in PDF Rendering via Unsanitised HTML
github.com · 2026-04-02

# Vulnerability Summary: SSRF in Estimate PDF Rendering Via Unsanitised HTML in Notes Field ### Vulnerability Overview This vulnerability exists in the Estimate PDF generation feature of the InvoiceSh…

CVSS 7.7
FastGPT MCP Tools Endpoint SSRF Vulnerability Analysis
github.com · 2026-04-02

# FastGPT MCP Tools SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name:** Server-Side Request Forgery via MCP Tools Endpoint in FastGPT (FastGPT's Server-Side Request Forgery …

CVSS 7.6
SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field
github.com · 2026-04-02

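# SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field ### Vulnerability Overview This is a Server-Side Request Forgery (SSRF) vulnerability in the invoice PDF generation module. Because HTML input in the `Notes` field is not sanitised, an attacker can inject arbitrary remote resource references, triggering requests to internal systems or to external malicious servers. The vulnerability can, through PDF preview and email…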

CVSS 5.8
Unauthenticated Blind SSRF in PTT Server /loadimg Endpoint
github.com · 2026-04-02

### Vulnerability Overview - **Title:** Unauthenticated Blind SSRF via /loadimg Endpoint Enables Internal Probing - **Description:** The `/loadimg` endpoint of the…

SSRF in Docker Model Runner OCI Registry Client (Fixed in v1.1.25)
github.com · 2026-04-02

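# Docker Model Runner SSRF Vulnerability Summary ### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Docker Model Runner OCI Registry Client * **Vulnerability Description**: Docker Model Runner has an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Mod…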

Discourse SSRF in Group SMTP Test Endpoint (CVE-2026-39185)
github.com · 2026-04-02

### Vulnerability Summary **Vulnerability Title:** Group SMTP test endpoint susceptible to SSRF **Overview:** Discourse's group email settings test endpoint is vulnerable to Server-Side Request Forger…

CVSS 7.4
Clerk SSRF in clerkFrontendApiProxy Leaks Secret Keys: Affected Versions and Fix
github.com · 2026-04-02

# SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host ### Vulnerability Overview The `clerkFrontendApiProxy` function in `@clerk/clerk-react` has a Server-Side Request Forgery (SSRF) vulnerability. An untrusted client can send requests that cause secret keys…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.