Security Intel Hub 531 — Search: SSRF

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 7.7
OpenClaw SSRF Bypass Vulnerability Fix Analysis
github.com · 2026-05-07

# Vulnerability Summary ## Overview A security vulnerability exists in the OpenClaw browser automation framework, allowing attackers to bypass SSRF (Server-Side Request Forgery) policy restrictions. T…

CVSS 8.5
SSRF Bypass via IPv6 Validation Flaw in validateUrlSync
github.com · 2026-05-08

### Vulnerability Overview This vulnerability involves the `validateUrlSync` function, where flaws in the validation logic for IPv6 address mapping and private IPv6 addresses allow attackers to bypass…

CVSS 7.7
FreeScout SSRF Vulnerability: Redirect Destination Not Re-validated Allows Cloud Metadata Access
github.com · 2026-05-08

### Vulnerability Overview - **Vulnerability Name**: SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access - **Vulnerability Descrip…

CVSS 7.1
PromptHub Authenticated SSRF via IPv6 Filter Bypass in POST /api/skills/fetch-remote
github.com · 2026-05-08

# Vulnerability Summary: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote` ## Vulnerability Overview An authenticated Server-Side Request Forgery (SSRF) vulnerability exists…

Angular platform-server parseUrl SSRF Bypass Vulnerability Analysis
github.com · 2026-05-08

# Vulnerability Summary ## Overview In the `platform-server` module, the `parseUrl` function is used to parse incoming request URLs. According to the WHATWG URL specification, protocol-relative URLs (…

Langfuse SSRF Vulnerability: Missing Secret Key Validation on LLM Base URL Change
github.com · 2026-05-08

# Vulnerability Summary ## Overview The Langfuse platform fails to enforce the provision of a secret key when changing the LLM test base URL, allowing attackers to perform Server-Side Request Forgery …

CVSS 7.7
FastGPT SSRF Bypass Cloud Metadata Endpoint via URL Encoding
github.com · 2026-05-09

# Vulnerability Summary: Cloud Metadata Endpoint SSRF Protection Bypass ## Vulnerability Overview The `isInternalAddress()` function in FastGPT, located in `packages/service/common/system/utils.ts`, a…

CVSS 6.3
FastGPT DNS Rebinding TOCTOU Bypass Leading to SSRF Vulnerability Analysis
github.com · 2026-05-09

# Vulnerability Summary: FastGPT DNS Rebinding TOCTOU Bypass Leading to SSRF ## Overview The `isInternalAddress` function in FastGPT contains a **DNS Rebinding TOCTOU (Time-of-Check to Time-of-Use)** …

SSRF Filter Bypass via 0.0.0.0 in QuantumNous/new-api
github.com · 2026-05-09

# SSRF Filter Bypass via 0.0.0.0 ## Vulnerability Overview This vulnerability exists in the `QuantumNous/new-api` project. Although SSRF protections were introduced in v0.9.0 and hardened in v0.9.6, t…

Axios SSRF Vulnerability (CVE-2024-39338) Analysis and PoC
jeffhacks.com · 2024-08-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Server-Side Request Forgery Vulnerability (CVE-2024-39338) 2. **Affected…

Journyx jtime Unauthenticated XXE Vulnerability (SSRF/File Read)
korelogic.com · 2024-08-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Affected Vendor and Product**: - Vendor: Journyx - Product: Journyx (jtime) - Version: 11.5.…

CVSS 8.5
Microsoft Copilot Studio SSRF Information Disclosure Vulnerability (CVE-2024-38206)
msrc.microsoft.com · 2024-08-10

### Vulnerability Information #### Vulnerability Description - **CVE Number**: CVE-2024-38206 - **Vulnerability Type**: Information Disclosure - **Severity**: Critical - **Release Date**: August 6, 20…

SeaCMS v13.1 SSRF Vulnerability in admin_reslib.php
github.com · 2024-09-10

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Type**: SeaCMS v13.1 Server-Side Request Forger…

LiteLLM CVE-2024-6587 SSRF Vulnerability Leads to OpenAI API Key Leakage
huntr.com · 2024-09-15

From this webpage screenshot, the following key information about the vulnerability can be extracted: 1. **Vulnerability Description**: - Users can specify the `api_base` parameter to send requests to…

CVE-2024-7207 Envoy SSRF via HTTP Header Manipulation
bugzilla.redhat.com · 2024-09-21

### Bug 2300352 (CVE-2024-7207) - CVE-2024-7207 envoy: Server-side request forgery via HTTP header manipulation #### Key Information: - **Bug ID**: 2300352 - **CVE ID**: CVE-2024-7207 - **Product**: S…

CVSS 8.6
CVE-2024-46984: XXE leading to SSRF in de.gematik.refv.commons
github.com · 2024-09-21

### Key Information #### Vulnerability Description - **Name**: XXE vulnerability can lead to a Server Side Request Forgery attack - **Publisher**: alexey-tschudnowsky - **Publication Date**: Yesterday…

CVSS 9.0
lobe-chat /api/proxy SSRF Vulnerability (Critical)
github.com · 2024-09-24

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Title**: 【Critical】/api/proxy endpoint SSRF vulnerability in …

CVSS 9.0
SSRF Vulnerability Fix Patch Analysis
github.com · 2024-09-24

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Code Changes**: - A list of 6 modified files is shown, including `package.json`, `src/app/api/p…

CVSS 5.3
Ada.cx Sentry Misconfiguration Blind SSRF
www.tenable.com · 2024-10-07

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Name**: Ada.cx SSRF via Sentry Misconfiguration 2. **Severity Level**: Low 3. **…

CVSS 7.7
PHP Excel Library Absolute Path Traversal and SSRF Vulnerability Analysis
github.com · 2024-10-09

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Vulnerability Type**: Absolute Path Traversal and Server-Side…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
