
Security Intel Hub 593— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 6.3
Toonflow v1.1.1 SSRF Vulnerability Leading to Internal Credential Leakage
github.com · 2026-04-27

# Vulnerability Summary: SSRF in Toonflow v1.1.1 Leads to Internal Credential Leakage ## 1. Vulnerability Overview * **Vulnerability Name**: Server-Side Request Forgery (SSRF) in Toonflow v1.1.1 * **V…

CVE-2024-35387: Glances IP Plugin SSRF Leads to Credential Leakage
github.com · 2026-04-21

# SSRF in Glances IP Plugin via public_api leads to credential leakage ## Vulnerability Overview * **Vulnerability Type**: Server-Side Request Forgery (SSRF) and Credential Leakage. * **Affected Compo…

CVSS 7.7
SSRF Fix: Enforcing Hostname and Port Matching for Same-Origin Requests
github.com · 2026-04-22

# Vulnerability Summary ## Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Description**: By improving the SSRF protection mechanism, it is enforced that same-origin requests…

CVSS 7.7
CVE-2025-4750 Koel SSRF via Podcast Enclosure URL with Exploit POC
github.com · 2026-06-13

### Vulnerability Overview **Vulnerability Name**: SSRF via Podcast Episode Enclosure URLs **CVE ID**: CVE-2025-4750 **CVSS v3 Base Score**: 7.7 / 10 **Affected Versions**: ` value extracted from RSS …

[3.12] gh-87451: Apply CVE-2021-4189 PASV fix to ftplib.ftpcp() (GH-1… · python/cpython@c887044 · GitHub
github.com · 2026-06-13

### Vulnerability Overview This vulnerability affects the `FTP.pasv()` function in Python's `ftplib` module. An attacker can use a malicious FTP server to redirect the target server's data connection …

CVSS 6.3
Hunyuan3D Arbitrary File Read and SSRF Vulnerabilities with PoC and Fixes
github.com · 2026-06-03

### Vulnerability Overview Two security vulnerabilities were identified in the Hunyuan3D integration: 1. **Arbitrary File Read**: The `generate_hunyuan3d_model` function accepts a local file path as t…

CVSS 8.2
open-webSearch fetchWebContent SSRF Vulnerability Analysis (CVE-style)
github.com · 2026-05-22

# Vulnerability Summary: open-webSearch `fetchWebContent` MCP Tool SSRF Vulnerability ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `fetchWebContent` MCP t…

CVSS 7.3
SourceCoder SEO Meta Tag Extractor 1.0 SSRF Vulnerability Advisory and Fix
hackmd.io · 2026-06-02

### Vulnerability Overview **Vulnerability Name**: SourceCoder SEO Meta Tag Extractor 1.0 - Server-Side Request Forgery via URL Parameter **Vulnerability Type**: Server-Side Request Forgery (SSRF) (CW…

CVSS 6.3
XXL-JOB <= 3.3.2 Low-Privilege SSRF Vulnerability Analysis
github.com · 2026-04-29

# XXL-JOB SSRF Vulnerability Summary (Issue #3935) ## Vulnerability Overview A Server-Side Request Forgery (SSRF) vulnerability exists in the `/jobinfo/trigger` endpoint of `xxl-job-admin`. * **Trigge…

CVSS 7.3
xhs-mcp SSRF and Path Traversal Vulnerability Analysis with POC
github.com · 2026-04-30

# SSRF and Path Traversal Vulnerability Summary (xhs-mcp) ## 1. Vulnerability Overview * **Vulnerable Component**: The `xhs_publish_content` tool in the `xhs-mcp` project. * **Vulnerability Types**: *…

CVSS 6.3
JeecgBoot SSRF Vulnerability Analysis: /sys/common/uploadImgByHttp Endpoint
github.com · 2026-05-02

# Vulnerability Summary: Direct SSRF Vulnerability in JeecgBoot ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadImgByHttp` interfac…

CVSS 5.0
SSRF in web_fetch due to unvalidated redirects, patch and PoC
github.com · 2026-06-02

### Vulnerability Overview This vulnerability involves a security issue in the `web_fetch` tool when handling redirects. Specifically, the initial URL is validated before fetching, but automatic redir…

Release v3.17.2 · baptisteArno/typebot.io · GitHub
github.com · 2026-06-18

### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Vulnerability Description**: Block IPv6 unspecified SSRF targets ### Affected Scope - **Affected Version**: …

CVSS 6.3
SuperAGI WebScraperTool Full SSRF Vulnerability and POC
gist.github.com · 2026-04-20

# Vulnerability Summary: SuperAGI WebScraperTool SSRF Vulnerability ## Overview **Title**: Full SSRF via WebScraperTool allows authenticated users to access internal services and cloud metadata **Desc…

Jenkins Security Advisory: RCE and Path Traversal in Multiple Plugins (CVE-2026-48916-48925)
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview This advisory announces vulnerabilities in the following Jenkins components: 1. **Remote Code Execution (RCE) Vulnerability in LDAP…

Jenkins Plugin Advisory: LDAP Redirection Leads to RCE via Deserialization
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview This advisory announces vulnerabilities in the following Jenkins artifacts: - Active Directory Plugin - AppSpider Plugin - Bitbucke…

Jenkins Security Bulletin: Multiple Plugin Vulnerabilities including RCE, AFR, CSRF
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 Vulnerability Summary #### Vulnerability Overview 1. **RCE vulnerability due to unvalidated LDAP redirection in the LDAP Plugin** - **CVE**: CVE-2026-48916 (SS…

Jenkins Security Advisory: Multiple Plugins RCE, Deserialization, SSRF, and File Read Vulnerabilities
www.jenkins.io · 2026-05-28

### Jenkins Security Advisory 2026-05-27 #### Vulnerability Overview 1. **RCE via Unverified LDAP Redirect in LDAP Plugin** - **CVE**: CVE-2026-48916 (SSRF), CVE-2026-48917 (Deserialization) - **Sever…

CVSS 6.3
Appsmith SSRF Vulnerability Fix via SMTP Parameter Control (GHSA-vvxf-f8q9-86gh)
github.com · 2026-06-03

### Vulnerability Overview - **Vulnerability Type**: SSRF (Server-Side Request Forgery) - **Vulnerability ID**: GHSA-vvxf-f8q9-86gh - **Description**: The `POST /api/v1/admin/send-test-email` endpoint…

CVSS 6.3
JeecgBoot SSRF in uploadImgByHttp Endpoint (Pre-Auth)
github.com · 2026-05-02

# [Security] Direct SSRF via uploadImgByHttp Endpoint in jeecgboot_jeecBoot #9555 ## Vulnerability Overview A direct Server-Side Request Forgery (SSRF) vulnerability exists in the `/sys/common/uploadI…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
