Security Intel Hub 531 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.3
MCP-Chat-Studio SSRF Vulnerability (CVE-918) Analysis and POC
github.com · 2026-04-28

# MCP-Chat-Studio Server-Side Request Forgery (SSRF) Vulnerability Summary ## 1. Vulnerability Overview * **Vulnerability Name**: MCP-Chat-Studio Server-Side Request Forgery Vulnerability #4 * **Vulne…

CVSS 6.3
auto-favicon-mcp 1.0.1 SSRF Vulnerability Analysis
vuldb.com · 2026-04-28

# Vulnerability Summary: dh1011 auto-favicon 1.0.1 Server-Side Request Forgery ## Vulnerability Overview - **Vulnerability ID**: #802054 - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - …

CVSS 6.3
auto-favicon SSRF Vulnerability Report (CVE-918)
github.com · 2026-04-28

# auto-favicon Server-Side Request Forgery Vulnerability Report ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) * **CVE ID**: CVE-918 * **Affected Component**: `…

CVSS 7.3
dmitryglhf mcp-url-downloader SSRF Vulnerability Fix
vuldb.com · 2026-04-28

# Vulnerability Summary ## Overview - **Vulnerability ID**: #802062 - **Vulnerability Name**: dmitryglhf mcp-url-downloader 0.1.0 Server-Side Request Forgery - **Vulnerability Type**: Server-Side Requ…

CVSS 7.3
NextChat SSRF via x-base-url Header (CWE-918) with PoC
gist.github.com · 2026-04-28

### Vulnerability Overview **Title**: Server-Side Request Forgery (SSRF) via Open Proxy Fallback (`x-base-url` Header) **Description**: - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - *…

CVSS 7.3
NextChat SSRF via Unvalidated x-base-url Header (Open Proxy Fallback)
github.com · 2026-04-28

# [Security] Server-Side Request Forgery (SSRF) via Open Proxy Fallback (x-base-url Header) #6742 ## Vulnerability Overview NextChat has a Server-Side Request Forgery (SSRF) vulnerability. When the re…

CVSS 7.3
NextChat <=2.16.1 SSRF/Path Traversal Vulnerability Analysis
vuldb.com · 2026-04-28

# Vulnerability Summary ## Overview - **Vulnerability ID**: #797646 - **Vulnerability Name**: nextchat /api/artifacts?id=../../../../user/tokens/verify"

CVSS 7.3
NextChat SSRF and Cloudflare API Token Leakage via Path Traversal
gist.github.com · 2026-04-28

### Vulnerability Overview **Title**: Server-Side Request Forgery (SSRF) and Cloudflare API Token Leakage via Path Traversal in Artifacts Endpoint **Description**: - **Vulnerability Type**: SSRF and C…

CVSS 7.3
NextChat SSRF Vulnerability Leads to Cloudflare API Token Leakage
github.com · 2026-04-28

# Vulnerability Summary: Server-Side Request Forgery (SSRF) and Cloudflare API Token Leakage ## Vulnerability Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) and Cloudflare API T…

CVSS 7.3
TencentCloudBase CloudBase-MCP SSRF Vulnerability (CVE-819) Advisory
vuldb.com · 2026-04-28

# Vulnerability Summary: TencentCloudBase CloudBase-MCP 2.16.1 Server-Side Request Forgery ## Vulnerability Overview - **Vulnerability ID**: #802230 - **Vulnerability Type**: Server-Side Request Forge…

CVSS 7.3
CloudBase MCP SSRF Vulnerability (CVE-918) Analysis and POC
github.com · 2026-04-28

# Vulnerability Summary: Server-Side Request Forgery (SSRF) in CloudBase MCP Interactive URL Opener ## 1. Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in CloudBa…

CVSS 7.3
SSRF Vulnerability Fix Analysis in interactive-server
github.com · 2026-04-28

# Vulnerability Summary ## Overview - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerability ID**: CWE-918 - **Affected Component**: `interactive-server.ts` - **Trigger Point**: …

CVSS 7.3
HyperChat AI Proxy Middleware SSRF Vulnerability (#142) with POC
github.com · 2026-04-28

### Vulnerability Overview **Vulnerability Name**: Server-Side Request Forgery (SSRF) Vulnerability in AI Proxy Middleware of HyperChat **Vulnerability ID**: #142 **Vulnerability Type**: SSRF (Server-…

CVSS 7.3
SSRF Fix Guide: Enhancing URL Validation in isUrlSafeToOpen Function
github.com · 2026-04-28

### Vulnerability Overview This vulnerability involves insufficient validation of URLs, potentially leading to Server-Side Request Forgery (SSRF) attacks. Attackers can construct malicious URLs to byp…

CVSS 6.3
Authenticated SSRF in O2OA via Unrestricted File URL Fetching
github.com · 2026-04-29

# Vulnerability Summary: O2OA Authentication SSRF Vulnerability ## Vulnerability Overview **Title**: Authenticated SSRF in `/x_file_assemble_control/jaxrs/file/upload/with/url` via unrestricted fileUr…

CVSS 6.3
XXL-JOB <= 3.3.2 Low-Privilege SSRF Vulnerability Analysis
github.com · 2026-04-29

# XXL-JOB SSRF Vulnerability Summary (Issue #3935) ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `/jobinfo/trigger` endpoint of `xxl-job-admin`. * **Trigge…

CVSS 6.3
XXL-JOB SSRF Vulnerability Analysis (PR #3937)
github.com · 2026-04-29

# Vulnerability Summary: XXL-JOB SSRF Vulnerability (PR #3937) ## Vulnerability Overview The `manual trigger` interface (`/jobinfo/trigger`) of XXL-JOB is vulnerable to Server-Side Request Forgery (SS…

CVSS 7.3
xhs-mcp SSRF and Path Traversal Vulnerability Analysis with POC
github.com · 2026-04-30

# SSRF and Path Traversal Vulnerability Summary (xhs-mcp) ## 1. Vulnerability Overview * **Vulnerable Component**: The `xhs_publish_content` tool in the `xhs-mcp` project. * **Vulnerability Types**: *…

CVSS 7.3
xhs-mcp 0.8.11 SSRF and Path Traversal Vulnerability Analysis
github.com · 2026-04-30

# SSRF and Path Traversal Vulnerability Summary (xhs-mcp) ## 1. Vulnerability Overview Two critical vulnerabilities were discovered in the `xhs_publish_content` feature of the `xhs-mcp` tool (version …

Halo Blog SSRF Vulnerability Analysis (Pre-Auth/2.22.14)
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/themes/-/install-from-uri` endpoint of the Halo blog system has a Server-Side Request Forgery (S…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
