Security Intel Hub 531 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint
github.com · 2026-04-22

# CraftCMS Host Header Injection Leads to SSRF via resource-js Endpoint ## Vulnerability Overview - **Vulnerability Type**: Host Header Injection leading to SSRF (Server-Side Request Forgery) - **Affe…

Squidex CVE-2025-41170 Admin-Only SSRF in Backup Restore Endpoint
github.com · 2026-04-23

# SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Affe…

Squidex SSRF Vulnerability Analysis with PoC and Fix
github.com · 2026-04-23

# Squidex SSRF Vulnerability Summary ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerable Path**: `/api/apps/{app}/assets` - **Vulnerability Descriptio…

Squidex SSRF via Jint Scripting Engine HTTP Functions
github.com · 2026-04-23

# SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient ## Vulnerability Overview There is a Server-Side Request Forgery (SSRF) vulnerability in Squidex. Th…

CVSS 5.5
Squidex Restore API Blind SSRF Vulnerability (CVE-2024-4177) Analysis and PoC
github.com · 2026-04-23

# Vulnerability Summary: Squidex Restore API Blind SSRF Vulnerability ## Overview * **Vulnerability Name**: Blind Server-Side Request Forgery (SSRF) in Restore API * **Vulnerability Type**: SSRF (Serv…

CVSS 8.5
Wekan SSRF Vulnerability Fix: URL Protocol and Private IP Validation
github.com · 2026-04-23

# Vulnerability Summary ## Overview This commit fixes an **SSRF (Server-Side Request Forgery)** vulnerability in the Wekan platform. An attacker can craft a malicious Webhook URL to cause the server t…

FlowiseAI APIChain SSRF Vulnerability (CVE-2024-41271) Analysis and PoC
github.com · 2026-04-24

# FlowiseAI <= 2.2.1 APIChain Prompt Injection SSRF Vulnerability Summary ## Vulnerability Overview The POST/GET API Chain component of FlowiseAI contains a Server-Side Request Forgery (SSRF) vulnerab…

CVSS 5.3
OpenClaw Plivo Voice Callback SSRF Fix
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: `fix(voice-call): pin plivo callback origins` - **Vulnerability Description**: In the file `extensions/voice-call/src/providers/plivo.ts`, there is…

CVSS 8.1
Kyverno apiCall SSRF Leading to ServiceAccount Token Leakage
github.com · 2026-04-24

# Kyverno ServiceAccount Token Leak Vulnerability Summary ## Vulnerability Overview Kyverno’s `apiCall` feature automatically attaches the admission controller’s ServiceAccount (SA) token to outbound …

CVSS 2.2
SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) · Advisory · w
github.com · 2026-04-25

# SSRF via redirect following in Cloudflare image-binding-transform endpoint (incomplete fix for GHSA-qpr4) ## Vulnerability Overview At line 28 of the file `packages/integrations/cloudflare/src/utils…

CVSS 6.3
WAHA Media Conversion Endpoint Authenticated SSRF Vulnerability Analysis
github.com · 2026-04-25

# WAHA Authentication SSRF Vulnerability Summary ## Vulnerability Overview The WAHA media conversion endpoint accepts user-supplied file URLs and fetches them server-side. The input URL is passed via …

CVSS 4.7
Pagekit CMS 1.0.18 SSRF Vulnerability Analysis
www.yuque.com · 2026-04-26

# Pagekit CMS 1.0.18 SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **Affected Software**: Pagekit CMS 1.0.18 (and earlier versions…

CVSS 6.3
AiraHub2 SSRF Vulnerability Analysis (CVE-918) with PoC
github.com · 2026-04-26

# AiraHub2 Server-Side Request Forgery (SSRF) Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: AiraHub2 Server-Side Request Forgery via agent and hub URL parameters * **Vulner…

CVSS 7.3
Typecho <= 1.3.0 Unauthenticated SSRF in Pingback Service
vuldb.com · 2026-04-26

# Vulnerability Summary: SSRF Vulnerability in Typecho 1.3.0 and Earlier Versions ## Vulnerability Overview In Typecho 1.3.0 and earlier versions, the `/actions/service?do=ping` endpoint is vulnerable…

CVSS 7.3
BuildingAI Unauthenticated SSRF Vulnerability Analysis (CVE-2026-110)
github.com · 2026-04-27

# BuildingAI Unauthenticated SSRF Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: BuildingAI Unauthenticated SSRF Vulnerability in Remote Upload #110 * **Vulnerability Type**…

CVSS 6.3
Toonflow v1.1.1 SSRF Vulnerability Leading to Credential Leakage
github.com · 2026-04-27

# Vulnerability Summary: SSRF Vulnerability in Toonflow v1.1.1 ## 1. Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Toonflow v1.1.1 leading to internal credenti…

CVSS 6.3
Toonflow v1.1.1 SSRF Vulnerability Leading to Internal Credential Leakage
github.com · 2026-04-27

# Vulnerability Summary: SSRF in Toonflow v1.1.1 Leads to Internal Credential Leakage ## 1. Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Toonflow v1.1.1 * **V…

CVSS 7.3
SSRF Vulnerability in GlutamateMCPservers puppeteer_navigate Tool
github.com · 2026-04-27

# Vulnerability Summary: GlutamateMCPservers Server-Side Request Forgery (SSRF) ## 1. Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) - CWE-918 * **Affected Compone…

CVSS 7.3
SSRF Vulnerability in GlutamateMCPServers @glutamateapp/puppeteer via puppeteer_navigate
github.com · 2026-04-27

# Vulnerability Summary: Server-Side Request Forgery (SSRF) Vulnerability in GlutamateMCPServers ## 1. Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) - CWE-918 * *…

CVSS 7.3
SSRF Vulnerability in mcp-data-vis: Analysis, PoC, and Fix
github.com · 2026-04-28

# Server-Side Request Forgery (SSRF) Vulnerability Summary for mcp-data-vis ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **CWE ID**: CWE-918 * **Affected Co…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
