
Security Intel Hub 531 · Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.5
CVE-2026-15486 SSRF in text-generation-webui superbooga extension
github.com · 2026-04-08

# CWE-918 SSRF Vulnerability Summary ## Vulnerability Overview A severe Server-Side Request Forgery (SSRF) vulnerability exists in the RAG (Retrieval-Augmented Generation) functionality within the `su…

CVSS 6.5
WWBN/AVideo Stored SSRF in Live Restream Log Callback
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** This vulnerability exists in the **WWBN/AVideo** project, specifically within the **Live restream log callback flow**. * **Vulnerability Type**: St…

CVSS 7.7
OpenObserve SSRF Vulnerability Fix: IP Validation Logic Analysis
github.com · 2026-04-08

### Vulnerability Summary **Vulnerability Overview** A flaw exists in OpenObserve's URL validation logic, which fails to effectively block access to private IP addresses and loopback addresses. Attack…

CVSS 6.3
SSRF Vulnerability in bigsk1/openai-realtime-ui (CVE-2026-5803)
vuldb.com · 2026-04-09

### Vulnerability Overview * **CVE ID:** CVE-2026-5803 * **Vulnerability Name:** bigsk1 openai-realtime-ui API Proxy Endpoint server.js Query server-side request forgery * **Vulnerability Type:** Serv…

CVSS 6.3
SSRF Fix: IP/Hostname Filtering and DNS Rebinding Protection
github.com · 2026-04-09

### Vulnerability Overview This commit addresses **SSRF (Server-Side Request Forgery)** vulnerabilities and **insecure redirection** issues present in the `/api/proxy` endpoint. Attackers could exploi…

CVSS 6.3
SSRF Vulnerability in openai-realtime-ui server.js and Fix Details
github.com · 2026-04-09

### Vulnerability Overview This is a **Server-Side Request Forgery (SSRF)** vulnerability (CWE-918) present in the `server.js` component of the `openai-realtime-ui` project. * **Vulnerability Mechanis…

CVSS 6.3
SSRF Fix: /api/proxy Hardening, IP Blocklist & Redirect Chain Defense
github.com · 2026-04-09

### Vulnerability Overview This Pull Request fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the `/api/proxy` endpoint. Attackers can control the `url` parameter to access internal se…

CVSS 8.8
Fix SSRF protection logic in fetch-guard: DNS pinning fallback when trusted proxy is unavailable
github.com · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** This commit resolves a conflict between DNS pinning logic and Trusted Environment Proxy logic within the `fetch-guard` module. *…

CVSS 7.5
SSRF via $ref Dereferencing in mcp-from-openapi
github.com · 2026-04-09

### Vulnerability Summary: SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications **Vulnerability Overview** This vulnerability exists in the `mcp-from-openapi` library. When the `OpenAPITool…

CVSS 3.5
LORIS Publication Module SSRF via Untrusted baseURL Input
github.com · 2026-04-09

# Vulnerability Summary: Improper Trust of User Input in Publication Module ## Vulnerability Overview A security vulnerability exists within the publication module of the LORIS system. The system erro…

CVSS 5.8
WP Migrate Lite CVE-2025-11427 Unauthenticated Blind SSRF Vulnerability Analysis
research.cleantalk.org · 2026-04-09

### Vulnerability Overview * **CVE ID**: CVE-2025-11427 * **Affected Plugin**: WP Migrate Lite (Version <= 2.7.6) * **Vulnerability Type**: Unauthenticated Blind Server-Side Request Forgery (SSRF) * *…

CVSS 3.5
Authenticated SSRF in WP Fastest Cache (CVE-2025-10583): Analysis and Fix
research.cleantalk.org · 2026-04-09

### Vulnerability Key Information Summary **1. Vulnerability Overview** * **CVE ID:** CVE-2025-10583 * **Vulnerability Type:** Authenticated Server-Side Request Forgery (SSRF) * **Description:** This …

CVSS 6.8
Kibana SSRF Vulnerability (CVE-2026-33458) Advisory and Mitigation
discuss.elastic.co · 2026-04-09

### Vulnerability Key Information Summary **Vulnerability Overview** * **Name:** Server-Side Request Forgery (SSRF) in Kibana One Workflow * **Type:** CWE-918 - Server…

CVSS 7.3
api-lab-mcp SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF, CWE-918). * **Description**: The `api-lab-mcp` project contains an SSRF vulnerability within the MCP/HTTP tool h…

CVSS 7.3
SSRF Vulnerability in api-lab-mcp (CVE-918) with POC
github.com · 2026-04-10

### Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Description**: An SSRF vulnerability was discovered in the MCP tools (`anal…

web3.py SSRF via CCIP Read (CVE-2024-40772) Analysis and Fix
github.com · 2026-04-10

# Vulnerability Summary: web3.py SSRF via CCIP Read (EIP-3668) ## 1. Vulnerability Overview The `web3.py` library contains a Server-Side Request Forgery (SSRF) vulnerability in its implementation of t…

CVSS 8.5
n8n-mcp Post-Auth SSRF Vulnerability and Mitigation Guide
github.com · 2026-04-10

### Vulnerability Overview This is a post-authentication Server-Side Request Forgery (SSRF) vulnerability located within the `n8n-mcp` package. An attacker possessing a valid `AUTH_TOKEN` can induce t…

CVSS 7.7
Plane Platform SSRF in Favicon Fetching Analysis
github.com · 2026-04-10

# SSRF Vulnerability Summary in Plane Platform Favicon Retrieval ## Vulnerability Overview * **Vulnerability Name**: Full Read Server-Side Request Forgery (SSRF) in Favicon Fetching via Redirection * …

CVSS 9.9
Sonarverse Audiostreaming Stack SSRF Vulnerability Analysis
github.com · 2026-04-10

# Sonarverse Audiostreaming Stack SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery via user-controlled URLs in dashboard API client * **Severi…

SiYuan Note Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Rendering (CVE-2024-40107)
github.com · 2026-04-10

# SiYuan Note Mermaid Rendering Vulnerability Summary ## Vulnerability Overview **CVE ID**: CVE-2024-40107 **Vulnerability Name**: Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Renderi…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
