Security Intel Hub 531— Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Axios SSRF Vulnerability: no_proxy Bypass via Hostname Normalization Flaw
github.com · 2026-04-10

### Vulnerability Summary **Vulnerability Overview** A Server-Side Request Forgery (SSRF) vulnerability exists in the Axios library. This vulnerability stems from a flaw in the hostname normalization …

CVSS 4.3
EspoCRM Authenticated SSRF via IPv4 Notation Bypass (CVE-2024-XXXX)
github.com · 2026-04-18

# Vulnerability Summary: Authenticated SSRF via Internal-Host Validation Bypass Using Alternative IPv4 Notation ## Overview There is an authenticated Server-Side Request Forgery (SSRF) vulnerability i…

CVSS 3.5
EspoCRM SSRF Vulnerability Fix and Bypass Analysis
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves bypassing hostname resolution in `curl` requests. An attacker can construct specific URLs to bypass internal host checks and access inte…

CVSS 6.3
VoiceServer SSRF and Rate Limit Bypass Vulnerability Fix
github.com · 2026-04-18

# Vulnerability Summary ## Overview This vulnerability involves security issues related to **SSRF (Server-Side Request Forgery)** and **rate limit bypass**. Specifically, VoiceServer has the following…

CVSS 5.0
MaxKB Sandbox Network Hook Bypass Leading to SSRF
github.com · 2026-04-18

# SSRF via sandbox network hook bypass ## Vulnerability Overview The sandbox network protection in MaxKB can be bypassed by using `socket.sendto()` with the `MSG_FASTOPEN` flag. This allows authentica…

CVSS 7.3
AgentScope SSRF Vulnerability: Multimodal Content Processing Leads to Cloud Credential Exfiltration
gist.github.com · 2026-04-20

# Vulnerability Summary: AgentScope SSRF Vulnerability ## Overview **Title**: Full (Non-Blind) SSRF via Multimodal Content Block Formatter Enables Direct Data Exfiltration **Description**: AgentScope’…

CVSS 6.3
Blind SSRF Bypass in Dify <= v1.13.3 via OpenAI Plugin Schema Parser
gist.github.com · 2026-04-20

### Vulnerability Overview **Title**: Blind Server-Side Request Forgery (SSRF) Bypass via OpenAI Plugin Manifest Parsing **Description**: A blind Server-Side Request Forgery (SSRF) vulnerability exist…

Premium intel
CVSS 8.6
CVE-2026-33039: AVideo LiveLinks SSRF via DNS Rebinding Bypass
github.com · 2026-04-22

# CVE-2026-33039: SSRF Vulnerability in AVideo ## Vulnerability Overview The LiveLinks proxy plugin in AVideo has an incomplete SSRF fix. Although the `isSSRFsafeURL()` validation was added, a DNS TOC…

CVSS 8.6
AVideo/WVPN SSRF Bypass via DNS Rebinding and Fix Analysis
github.com · 2026-04-22

# Vulnerability Summary: Enhanced SSRF Protection ## Vulnerability Overview This commit fixes insufficient SSRF (Server-Side Request Forgery) protection in the WVPN/AVideo project. The main issue was …

CVSS 7.7
AVideo SSRF via Same-Domain Hostname Bypass (CVE-2024-41060)
github.com · 2026-04-22

### Vulnerability Overview - **Vulnerability Name**: SSRF via same-domain hostname with alternate port bypasses isSSRFsafeURL - **Vulnerability Type**: Server-Side Request Forgery (SSRF) - **Vulnerabi…

CVSS 7.1
Flowise SSRF Protection Bypass via TOCTOU and Default Insecure Config
github.com · 2026-04-24

### Vulnerability Overview - **Vulnerability Name**: SSRF Protection Bypass (TOCTOU & Default Insecure) - **Vulnerability Type**: Server-Side Request Forgery (SSRF) Protection Bypass - **Vulnerability…

CVSS 7.1
FlowiseAI SSRF Bypass via Unprotected Node.js Built-in Modules in Custom Function Sandbox
github.com · 2026-04-24

# SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox ## Vulnerability Overview A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the C…

CVSS 6.8
no_proxy bypass via IP alias allows SSRF · Advisory · axios/axios · GitHub
github.com · 2026-04-25

# axios Security Vulnerability Summary ## Vulnerability Overview **Title**: no_proxy bypass via IP alias allows SSRF **CVE ID**: CVE-2026-42538 **Severity**: Moderate (CVSS v3 base metrics: 6.8 / 10) …

CVSS 6.5
HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass ## Vulnerability Overview The `HTMLHeaderTextSplitter.split_text_from_url()` method validates the initial URL but then uses `requests.…

CVSS 3.1
Image token counting SSRF protection can be bypassed via DNS rebinding · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25

# langchain-openai SSRF Vulnerability Summary ## Overview The `_url_to_size()` helper function in langchain-openai contains an SSRF (Server-Side Request Forgery) vulnerability when used to calculate i…

CVSS 7.3
Typecho <=1.3.0 SSRF Vulnerability Analysis: Weak Token Bypass and Gopher Protocol Exploitation
wang1rrr.github.io · 2026-04-26

# Typecho = $from; $i--) { if (sha1($secret . '.' . $i) == $token) { return true; } } return false; } ``` **Issue**: Uses `==` for loose comparison. In PHP, comparing a non-empty string `true` with a …

CVSS 7.3
MCP URL Downloader Redirect-Based SSRF Bypass Vulnerability Analysis
github.com · 2026-04-28

# MCP URL Downloader Redirect-Based SSRF Bypass Vulnerability Summary ## Vulnerability Overview * **Vulnerability Name**: mcp-url-downloader Redirect-Based SSRF Bypass Vulnerability #2 * **Vulnerabili…

Halo SSRF Vulnerability: Unvalidated URI in Plugin Install API Allows Internal Network Access
github.com · 2026-05-01

# Halo SSRF Vulnerability Summary ## Overview The `/apis/uc.api.storage.halo.run/v1alpha1/plugins/-/install-from-uri` endpoint in Halo has a Server-Side Request Forgery (SSRF) vulnerability. This flaw…

CVSS 4.3
MeTube Permissive CORS Policy Leads to RCE/SSRF (CVE)
github.com · 2026-05-01

# CVE Report: Cross-Origin Request Forgery via Permissive CORS Policy in alexta69/MeTube ## Vulnerability Overview * **Product Name**: MeTube (alexta69/metube) * **Affected Versions**: MeTube CORS PoC…

CVSS 4.3
NextChat Permissive CORS Policy Leading to SSRF and Sensitive Data Leakage
github.com · 2026-05-03

### Vulnerability Overview **Title:** Permissive CORS Wildcard Policy on All API Endpoints Enabling Cross-Origin Exploitation (CVE Report: Permissive CORS Wildcard Policy on All API Endpoints Enabling…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.