Security Intel Hub 531— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Halo Blog SSRF Vulnerability Analysis with POC
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/themes/{name}/upgrade-from-uri` endpoint of the Halo blog system has a Server-Side Request Forge…

Halo SSRF Vulnerability: /apis/uc.api.storage.halo.run/v1alpha1/plugins/{name}/upgrade-from-uri
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Vulnerability Overview The `/apis/uc.api.storage.halo.run/v1alpha1/plugins/{name}/upgrade-from-uri` endpoint in Halo is vulnerable to Server-Side Request Forgery (…

CVSS 6.5
Gitroom SSRF Vulnerability Fix: DNS Rebinding Protection via Custom Dispatcher
github.com · 2026-05-09

# Vulnerability Summary ## Vulnerability Overview This commit fixes a **SSRF (Server-Side Request Forgery) vulnerability**. Attackers can exploit this by constructing malicious URLs, causing the serve…

CVSS 7.7
openclaw CDP WebSocket SSRF Vulnerability Fix
github.com · 2026-05-07

### Vulnerability Overview This vulnerability involves hardening the direct CDP (Chrome DevTools Protocol) WebSocket validation in the `openclaw` project. The specific issue is that the CDP WebSocket …

CVSS 6.3
Second-Order SSRF in JeecgBoot Announcement Download
github.com · 2026-05-02

# [Security] Second-Order SSRF in jeecgboot_JeecgBoot #9553 ## Vulnerability Overview A second-order Server-Side Request Forgery (SSRF) vulnerability exists in the announcement file download functiona…

CVSS 5.8
qgbot SSRF Vulnerability Fix and Defense Code Analysis
github.com · 2026-05-07

# Vulnerability Summary ## Vulnerability Overview This vulnerability involves a lack of SSRF (Server-Side Request Forgery) protection for directly uploaded URL paths in the `upload2C2Media` and `uploa…

fix(browser): preserve explicit strict SSRF config · openclaw/openclaw@1dabfef · GitHub
github.com · 2026-05-05

# Vulnerability Summary ## Overview This commit addresses a configuration issue regarding the strictness of the SSRF (Server-Side Request Forgery) policy in the browser configuration. Specifically, it…

CVSS 6.3
Second-Order SSRF in JeecgBoot Announcement Download
github.com · 2026-05-02

# [Security] Second-Order SSRF in jeecboot_JeecBoot #9553 ## Vulnerability Overview A **second-order Server-Side Request Forgery (SSRF)** vulnerability exists in the announcement file download feature…

REPORT.md · GitHub
gist.github.com · 2026-05-04

### Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url #### Vulnerability Overview The `validate_restricted_url` function in Prefect contains a Server-Side Request Forgery (SSRF) vulnera…

CVSS 7.7
Fix for SSRF Bypass via Delayed JS Redirect in Playwright Tools
github.com · 2026-05-07

### Vulnerability Overview This vulnerability involves the implementation of a three-stage interaction navigation guard in the browser to prevent bypassing delayed JS redirection via `pressKey` and `t…

Jenkins Security Advisory: Multiple Plugin Vulnerabilities (CVE-2019-10331/10337)
jenkins.io · 2025-11-09

### Jenkins Security Advisory 2019-06-11 #### Security Advisories - **CloudBees CD Plugin** - **jx-resources Plugin** - **Token Macro Plugin** ### Descriptions #### XML External Entity processing vuln…

Incomplete fix for CVE-2026-32812: SSRF in admidio · Advisory · Admidio/admidio · GitHub
github.com · 2026-05-07

# Vulnerability Summary: CVE-2026-32812 (SSRF in admidio) ## Vulnerability Overview The `fetch_metadata.php` file in Admidio contains an incomplete SSRF fix. Although the code resolves the IP address …

CVSS 6.3
JeecgBoot SSRF Vulnerability Analysis: /sys/common/uploadImgByHttp Endpoint
github.com · 2026-05-02

# Vulnerability Summary: Direct SSRF Vulnerability in JeecgBoot ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadImgByHttp` interfac…

CVSS 6.3
JeecgBoot SSRF in uploadImgByHttp Endpoint (Pre-Auth)
github.com · 2026-05-02

# [Security] Direct SSRF via uploadImgByHttp Endpoint in jeecgboot_jeecBoot #9555 ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadI…

CVSS 6.3
Lemmy SSRF via Webmention (GHSA-3jvj-v6w2-h948)
github.com · 2026-05-09

# SSRF Vulnerability Summary: /api/v3/post via Webmention Dispatch ## Vulnerability Overview - **Vulnerability Name**: SSRF (Server-Side Request Forgery) - **Vulnerability ID**: GHSA-3jvj-v6w2-h948 - …

Premium intel
CVSS 9.6
Azure Custom Locations RP Elevation of Privilege Vulnerability (CVE-2026-26135)
msrc.microsoft.com · 2026-04-03

# Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability **Vulnerability Overview** * **CVE ID**: CVE-2026-26135 * **Release Date**: April 2, 2026 * **Vulnerability Type**: Elevation of Privilege * **Weakness Type**: Service…

SpringBlade blade-report XXE Vulnerability Analysis
github.com · 2026-05-01

# SpringBlade XXE Vulnerability Summary ## Vulnerability Overview The `blade-report` module of SpringBlade (integrated with UReport2) contains an XML External Entity (XXE) injection vulnerability. Att…

CVSS 5.0
CVE-2018-918: Toonflow-app RCE via Zip Slip and SSRF in Update Mechanism
github.com · 2026-04-27

# Vulnerability Summary: Remote Code Execution (CVE-2018-918) ## Vulnerability Overview * **Vulnerability Name**: Remote Code Execution via Malicious Update Package (Zip Slip + SSRF) * **Vulnerability…

CVSS 5.4
SolarWinds Observability & Third-party CVEs: Open Redirect, XSS, Jetty Info Disc, Logback ELI/SSRF
documentation.solarwinds.com · 2025-11-18

### Critical Vulnerability Information #### SolarWinds CVEs | CVE-ID | Vulnerability Title | Description | Severity | Credit | |--------|--------------------|-------------|----------|--------| | CVE-2…

CVSS 6.3
Second-Order SSRF in JeecgBoot OpenApi Service
github.com · 2026-05-02

# [Security] Second-Order SSRF via OpenApi Service in jeecboot_jeecBoot #9554 ## Vulnerability Overview This is a **Second-Order Server-Side Request Forgery (Second-Order SSRF)** vulnerability existin…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
