Security Intel Hub 531 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.2
WordPress image-viewer-block Plugin SSRF/XSS Vulnerability Analysis
plugins.trac.wordpress.org · 2026-02-05

### Key Information - **Source File**: `image-viewer-block.php` version `1.0.2` - **Latest Change**: Commit `3405993` by `tomorbplugins`, 6 months ago. - **Functionality**: Interactive image mapping i…

CVSS 6.5
WordPress Plugins Vulnerability Summary: XSS, SSRF, RCE, SQLi
patchstack.com · 2026-04-02

## Vulnerability Key Information Summary ### Vulnerability Overview and Scope This page displays a list of known vulnerabilities affecting multiple WordPress plugins and software, primarily involving …

PerfreeBlog SSRF Vulnerability in uploadAttachByUrl API and Fix
github.com · 2025-10-31

### Key Information #### Vulnerability Description - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected API**: `uploadAttachByUrl` - **Issue**: The API allows unauthorized SSRF at…

CVSS 7.1
Analysis of RFI and SSRF vulnerabilities in PHP file handling code
github.com · 2025-11-14

### Key Vulnerability Summary #### 1. **Potential Remote File Inclusion (RFI) Risk** - **Code Line**: `$tempFile = tmpfile();` - **Description**: Temporary file is created using `tmpfile()`, but the d…

CVSS 4.3
KNIME Business Hub Multiple CVEs Advisory (RCE/SSRF/Hardcoded Password)
www.knime.com · 2025-11-09

## Critical Vulnerability Summary ### 1. CVE-2025-11240 - Open Redirect Vulnerability in KNIME Business Hub - **Release Date**: 2025-10-02 - **Affected Product**: KNIME Business Hub before 1.16.0 - **…

CVSS 8.3
OpenHarness Path Bypass and SSRF Vulnerability Fix
github.com · 2026-04-18

# [security] Harden path rules and web fetch network guards #92 ## Vulnerability Overview This Pull Request fixes two security vulnerabilities present in the OpenHarness tool: 1. **Sensitive path bypa…

CVSS 4.9
Flarum Custom LESS Bypass Leading to LFI/SSRF Fix
github.com · 2026-05-09

### Vulnerability Overview This vulnerability involves the custom LESS settings within the Flarum framework. An attacker can bypass restrictions by using `@import` and `data:uri` in custom LESS settin…

CVSS 8.6
Red Hat Enterprise Linux CVE-2025-59088 Unauthenticated SSRF via DNS SRV Advisory
bugzilla.redhat.com · 2025-11-14

### Key Information - **CVE ID**: CVE-2025-59088 (Bug 2393955) - **Vulnerability Type**: Unauthenticated SSRF via Realm-Controlled DNS SRV - **Priority**: High - **Severity**: High - **Reported Date**…

CVSS 5.3
CVE-2024-5223: SSRF in priyankark/a11y-mcp src/index.js
vuldb.com · 2026-04-02

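### Key Vulnerability Information Summary **Vulnerability Overview** * **Vulnerability Name:** Priyankark a11y-mcp SSRF vulnerability * **CVE ID:** CVE-2024-5223 * **Vulnerability Type:** Server-Side Request Forgery (SSRF) * **CVSS Score:** 4.1 (described as critical in the summary) * **Current Exploit Price:** $0–$5…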

CVSS 10.0 · KEV
Zimbra Joule 8.8.15 Patch 46 Security Bulletin: SSRF, RCE, XSS Fixes (CVE-2024-45519)
wiki.zimbra.com · 2024-10-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Security Fixes**: - **CVE-2024-45519**: Fixed a security vulnerability in the postjournal serv…

Jenkins Plugin Security Advisory: XSS, SSRF, and Privilege Escalation Vulnerabilities
www.jenkins.io · 2024-11-17

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. **Vulnerability Descriptions**: - **Script Security Plugin**: The plugin does not perform perm…

Jenkins Plugin Security Advisory: XSS, SSRF, Privilege Escalation (SECURITY-2954, SECURITY-3010, etc.)
www.jenkins.io · 2024-11-17

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Description**: - **Script Security Plugin Missing permission check vulnerability**: Script…

CVSS 5.4
Backstage Scaffolder SSRF/SSTI Vulnerability Analysis (CVE-2024-53983)
github.com · 2024-12-01

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Server-side request forgery in Backstage Scaffolder plugin 2. **Vulnerab…

CVSS 8.8
WordPress Plugin external-image-replace 1.0.8 file_get_contents SSRF/RCE Analysis
plugins.trac.wordpress.org · 2025-05-07

### Critical Vulnerability Information - **File Path**: `external-image-replace/tags/1.0.8/class.php` - **Last Modified**: September 27, 2015 (7 years ago) - **File Size**: 5.1 KB #### Potential Vulne…

CVSS 8.6
a-blog cms Vulnerability Advisory: SSRF, Path Traversal, XSS (CVE-2025-27566, CVE-2025-32999, CVE-2025-36560, CVE-2025-4
jvn.jp · 2025-05-20

### Critical Vulnerability Information #### Vulnerability Overview - **CVE IDs**: CVE-2025-27566, CVE-2025-32999, CVE-2025-36560, CVE-2025-41429 - **Affected Product**: a-blog cms by appleple inc. - *…

CVSS 4.9
WordPress WPThumb Plugin SSRF Vulnerability Advisory
patchstack.com · 2025-07-06

### Key Information - **Vulnerability Name**: WordPress WPThumb Plugin <= 0.10 is vulnerable to Server Side Request Forgery (SSRF) - **Priority**: Low priority - **Affected Versions**: <= 0.10 - **Off…

CVSS 8.1
SSRF Vulnerability in improbable-eng/github-script Action (CVSS 8.1)
gitlab.com · 2025-07-06

### Key Information Summary #### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected Scope**: Users of GitHub Actions utilizing the `improbable-eng/github-…

CVSS 7.5
Red Hat JBoss EAP 7.3 Security Update Advisory (CVEs: SSRF, DoS, Memory Exhaustion)
access.redhat.com · 2025-07-06

### Critical Vulnerability Information #### Vulnerability Overview - **Type/Severity**: Important - **Subject**: Red Hat JBoss Enterprise Application Platform 7.3.14 security update, addressing multip…

CVSS 8.2
SSRF Bypass in npm private-ip package due to missing multicast IP range
gist.github.com · 2025-07-26

### Key Information #### Vulnerability Description - **Vulnerability Type**: SSRF Bypass in private-ip - **Affected Package**: `private-ip` is an npm package used to check whether an IP address is a p…

CVSS 8.6
SSRF Vulnerability in File Conversion API (CVSS 7.5) with PoC
github.com · 2025-08-13

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Affected Versions**: All versions - **Fixed Version**: 1.1.0 - **Severity**: High (CVSS…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
