Security Intel Hub 531— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Invoice Ninja v6.x Unauthenticated SQLi and SSRF Vulnerability (CVE-2025-29525)
gist.github.com · 2026-04-02

# CVE-2025-29525: Invoice Ninja Unauthenticated SQL Injection and SSRF Vulnerability ### Vulnerability Overview * **Vulnerability Name:** Invoice Ninja Unauthenticated SQLi Server-Side Request Forgery (SSRF) * **CVE ID:** CVE-2025-29525 * **CVSS Score:** 9.8 (Critical…

Kubeflow ResourceComposition SSRF and HTTP Header Injection Vulnerability Analysis
gist.github.com · 2026-04-02

**Vulnerability Summary** * **Vulnerability Name**: Kubeflow ResourceComposition ChartUtil.SSIF + Header Injection * **Vulnerability Type**: Server-Side Request Forgery (SSRF) and HTTP Header Injectio…

CVSS 6.3
SSRF in Frostmourn 1.0 Alarm Preview (AlarmController.java)
fx4tqqfvdw4.feishu.cn · 2026-04-02

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Frostmourn e 1.0 Alarm Preview * **Vulnerability Type**: Server-Side Request Forger…

CVSS 5.3
priyankark a11y-mcp 1.0.4 Server-Side Request Forgery (SSRF)
vuldb.com · 2026-04-02

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: priyankark a11y-mcp 1.0.4 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Server-Side Reques…

CVSS 5.3
a17y-mvp SSRF Vulnerability with POC
github.com · 2026-04-02

# a17y-mvp Server-side Request Forgery Vulnerability ## Vulnerability Overview This is a Server-Side Request Forgery (SSRF) vulnerability. An attacker can craft malicious requests to induce the server…

huimeicloud hmEditor 2.2.3 SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Title**: huimeicloud hmEditor 2.2.3 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Server-Side Request Forgery (SSR…

CVE-2024-5346: Huimeicloud HM Editor SSRF in client.get
vuldb.com · 2026-04-03

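### Vulnerability Summary: CVE-2024-5346 **Vulnerability Overview** * **Vulnerability Name:** Huimeicloud HM Editor Image-to-Base64 Endpoint SSRF * **CVE ID:** CVE-2024-5346 * **CVSS Score:** 6.6 (Critical) * **Vulnerability Type:** Server-Side Request Forgery (SSRF) * **Affected Component:** `huimei…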

FastMCP OpenAPI Provider SSRF & Path Traversal Vulnerability Analysis
github.com · 2026-04-03

# SSRF & Path Traversal Vulnerability in FastMCP OpenAPI Provider ## Vulnerability Overview * **Vulnerability Name:** SSRF & Path Traversal Vulnerability in FastMCP OpenAPI Provider * **Severity:** Critical * **CVSS Score:** 9.8 * **Description…

Prometheus SSRF Path Traversal Fix (GHSA-wvq-7j5c-7h27)
github.com · 2026-04-03

* **Vulnerability Overview:** This is a fix for an SSRF (Server-Side Request Forgery) path traversal vulnerability.

SSRF in Approvix WebClientInts via getWebClient
github.com · 2026-04-03

# Vulnerability Summary: SSRF in Approvix via WebClientInts ### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Approvix via WebClientInts * **Vulnerability Type…

Debian L4J Startscript SQL Injection and SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

Based on the webpage screenshot provided by the user, I extracted the following key vulnerability information: 1. **Vulnerability Summary**: * **Vulnerability Name**: Debian SQL Injection via L4J Star…

SQLbot <=1.6.0 SSRF via Unvalidated Elasticsearch Host Parameter
www.notion.so · 2026-04-03

# SQLbot SSRF Vulnerability Summary ### Vulnerability Description SQLbot is an intelligent data querying system based on large language models and RAG. In the `backend/apps/ai/es_engine.py` file, the …

SilkyWann <1.16.0 SSRF via Incomplete IP Validation (CVE-2025-2626)
github.com · 2026-04-03

# Vulnerability Summary: Incomplete IP Validation in `/api/search/visit` Allows

Fix Webhook SSRF: Enforce Public HTTP(S) URLs Only
github.com · 2026-04-03

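### Vulnerability Key Information Summary **Vulnerability Overview** This commit fixes a security vulnerability caused by insufficient validation of webhook URLs. The previous implementation allowed a webhook URL to point to internal network addresses (such as private IPs or localhost), creating a risk of SSRF (Server-Side Request Forgery) attacks. The fix introduces the `IsSafeWebhook` struct and enforces that the URL must be a public HTTP(S) address, effectively preventing potential attacks. **Scope of Impact** - **文…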

CVSS 4.7
Casdoor v2.356.0 Webhook SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: Casdoor v2.356.0 Server-Side Request Forgery (SSRF) * **Vulnerability Type**: Webhook SSRF (Server-Side R…

CVSS 4.7
Casdoor 2.356.0 Webhook URL SSRF Vulnerability Analysis
vuldb.com · 2026-04-03

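### Vulnerability Summary: CASDOOR 2.356.0 Webhook URL SSRF **Vulnerability Overview** * **Vulnerability Name:** CASDOOR 2.356.0 Webhook URL Server-Side Request Forgery (SSRF) * **CVE ID:** CVE-2026-5469 (Note: the screenshot shows the year 2026; suspected to be fictitious or a future placeholder) * **Severity:** Critica…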

CVSS 6.3
SSRF in mixelpixx google-search-mcp 0.1.0 via extractContent
vuldb.com · 2026-04-04

### Vulnerability Key Information Summary **Vulnerability Overview** * **Vulnerability Name**: mixelpixx google-search-mcp 0.1.0 Server-Side Request Forgery (SSRF) * **Pull Request ID**: #781778 * **D…

CVSS 9.6
Budibase 3.33.4 Security Release: Fixes Command Injection, Path Traversal, and SSRF Risks
github.com · 2026-04-04

### Budibase 3.33.4 Security Update Summary **Vulnerability Overview** This release (version 3.33.4) addresses multiple security vulnerabilities, including: * **REST Target Restriction**: Default enfo…

CVSS 9.6
Salesforce REST Connect SSRF via Empty Default Endpoint
github.com · 2026-04-04

Based on the provided webpage screenshot, here is a summary of the vulnerability: **Vulnerability Overview** * **Vulnerability Name**: Server-Side Request Forgery (SSRF) via REST Connect with Empty De…

CVSS 9.1
ZimaOS CVE-2023-28788 SSRF via Cloudflare Tunnel
github.com · 2026-04-04

# Vulnerability Summary: ZimaOS Cloudflare Tunnel SSRF Vulnerability **Vulnerability Overview** * **Vulnerability Name:** Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS * **CVE ID:** CVE-2023-28788 * **Severity:** Cr…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
