Security Intel Hub 593 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Sonatype Nexus Repository 3.88.0 Security Update: CVE-2026-0601 XSS Fix & SSRF Mitigation
help.sonatype.com · 2026-01-20

### Critical Vulnerability Information #### Known Issues - **NuGet Search Issue**: In Sonatype Nexus Repository 3.88.0, NuGet client search requests may fail when the application runs on an embedded H…

lucy-xss-filter SSRF and Java Info Disclosure Vulnerability Analysis
github.com · 2026-01-20

### Critical Vulnerability Information #### Vulnerability Type - **SSRF (Server-Side Request Forgery)** - **Java Server-Side Java Console Information Disclosure** #### Vulnerability Trigger Conditions…

Saleor Security Configuration Guide: SSRF Protection, File Upload Restrictions, and XSS Sanitization
docs.saleor.io · 2026-01-27

## Critical Vulnerability Information - **HTTP Redirects and Timeouts** - Saleor disables HTTP redirects for outgoing connections by default and enforces strict timeout values (typically <20s). - This…

CVSS 7.1
SSRF Private Network Bypass via Numeric Address (GHSA-hgr9-frvw-5r76)
github.com · 2026-01-30

From the provided web screenshot, we can extract the following key information about the vulnerability: ### Vulnerability Summary - **Vulnerability Name**: SSRF (Server-Side Request Forgery) and priva…

CVSS 8.9
v1.1.3-alpha Security Fixes: Persistent XSS and SSRF Mitigation
github.com · 2026-02-21

## Critical Vulnerability Information ### v1.1.3-alpha (Pre-release) #### Security Fixes - **XSS Prevention**: Mitigated the primary persistent XSS risk in chat tool interfaces by eliminating unsafe r…

Premium intel
CVSS 8.8
Advanced Woo Labels Plugin Vulnerability Analysis (XSS/SSRF/RCE)
plugins.trac.wordpress.org · 2026-02-25

### Critical Vulnerability Information - **Plugin Name**: Advanced Woo Labels - **File**: `/includes/admin/class-awl-admin-ajax.php` - **Version**: 2.34 - **Last Modified**: Modified in changeset 3443…

CVSS 3.8
WordPress Plugin Bit Form SSRF Vulnerability (CVE-2024-13450) Advisory
www.wordfence.com · 2026-02-26

### Critical Vulnerability Information #### Vulnerability Summary - **CVE ID**: CVE-2024-13450 - **CVSS Score**: 3.8 (Low) - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Publication …

CVSS 5.9
Patchstack WordPress Vulnerability Database Summary (RCE/SSRF/SQLi)
patchstack.com · 2026-04-02

## Patchstack Open Source Vulnerability Database ### Vulnerability Overview This page displays **39,658+** WordPress-related vulnerabilities, covering multiple vulnerability types: - **SSRF (Server-Si…

CVSS 7.7
Open WebUI v0.8.11 Security Patch Summary: SSRF, Bypass, Session Fixation
github.com · 2026-04-02

# Open WebUI v0.8.11 Security Vulnerability Fixes Summary ## Vulnerability Overview This release fixes multiple security vulnerabilities, primarily involving **model access control bypass**, **termina…

CVSS 7.3
ImEditor SSRF Vulnerability Analysis (CVSS 7.5) with POC
github.com · 2026-04-03

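# ImEditor Server-Side Request Forgery (SSRF) Vulnerability Summary ### Vulnerability Overview * **Vulnerability Name:** Server-Side Request Forgery (SSRF) Vulnerability in ImEditor #11 * **CVSS Score:** 7.5 (High) * **Description:** The `upload.php` script in ImEditor contains a server-side request forgery vulnerability. An attacker can, by crafting a mal…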

Premium intel
CVSS 6.1
Roundcube Webmail Security Update: SSRF, XSS, Deserialization Fixes
roundcube.net · 2026-04-03

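### Vulnerability Overview Roundcube Webmail has released security updates (versions 1.7-rc5, 1.6.14 and 1.5.14) that fix multiple recently reported security vulnerabilities. ### Affected Scope - Roundcube Webmail 1.6 and 1.5 LTS versions - Release candidates of Roundcube Webmail 1.7 (1.7-rc5) ### Remediation Upgrading immediately to the following versions is recommended to fix all known vulnerabilities: - **1.…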

CVSS 6.3
SSRF Vulnerability in google-search-api Library (CVSS 8.8)
github.com · 2026-04-04

This request asks me to summarize a webpage screenshot regarding a "Google Search Server-Side Request Forgery (SSRF) Vulnerability." **1. Vulnerability Overview:** * **Title:** Server-Side Request For…

CVSS 7.3
Unauthenticated SSRF in GPT Researcher WebSocket (CVSS 9.1) with POC
github.com · 2026-04-06

### Vulnerability Overview * **Vulnerability Name**: Unauthenticated WebSocket Source URL SSRF Vulnerability (Unauthenticated SSRF via WebSocket source_urls) * **Affected Product**: GPT Researcher * *…

CVSS 8.3
OpenHarness Path Traversal and SSRF Vulnerability Fix Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Vulnerability Overview This commit fixes vulnerabilities related to Path Traversal and Web Guards in the OpenHarness project. The main issue lies in insufficient permission …

CVSS 8.6
Chamilo PensProcessor SSRF Fix: Strict Private IP Validation
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves **insufficiently strict URL validation logic**, which may allow access to private/reserved address ranges (such as internal network addr…

CVSS 6.8
ProcessWire CMS Admin SSRF Vulnerability Analysis
gist.github.com · 2026-04-18

# ProcessWire CMS SSRF Vulnerability Summary ## Vulnerability Overview A **Server-Side Request Forgery (SSRF)** vulnerability exists in the admin panel of ProcessWire CMS (v3.0.255). The flaw is locat…

CVSS 4.3
CVE-2026-41687: SSRF CGNAT Bypass in wallios via is_cgnat_ip() Omission
github.com · 2026-05-07

# SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks (CWE-918) ## Vulnerability Overview - **Vulnerability Type**: CWE-918 Server-Side Request Forgery (SSRF)…

CVSS 8.5
n8n-mcp SSRF bypass via IPv4-mapped IPv6 addresses (CVE-2025-42449)
github.com · 2026-05-08

# Vulnerability Summary: IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync() ## Vulnerability Overview - **Vulnerability Name**: IPv4-mapped IPv6 addresses bypass SSRF protection in…

CVSS 5.4
WordPress nexus-blocks 1.1.1 SSRF via unvalidated URL import
plugins.trac.wordpress.org · 2026-05-22

### Vulnerability Overview The screenshot shows a code file from the WordPress plugin directory, specifically `nexus-blocks/tags/1.1.1/inc/template/template.php`. The file contains a potential securit…

CVSS 4.3
WordPress EditorCanvas Plugin Privilege Escalation & SSRF Mitigation Analysis
plugins.trac.wordpress.org · 2026-05-22

### Vulnerability Overview The screenshot shows a code file within a WordPress plugin directory, specifically `EditorCanvas.php`. The file contains a potential security vulnerability related to the pr…

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
