https://ssrf.dev/posts/2026/03/20/first-post-from-obsidian/
I built a blog by combining Obsidian and a few other things | ssrf.dev
https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps
Digging for SSRF in NextJS apps
At Assetnote, we encounter sites running NextJS extremely often; in this blog post we will detail some common misconfigurations we find in NextJS websites,...
https://ssrf.dev/about/
About me | ssrf.dev
https://ctftime.org/task/32051
CTFtime.org / Hack for a Change 2026 March: UN SDG 3 / Clinical Gateway SSRF
Capture The Flag, CTF teams, CTF ratings, CTF archive, CTF writeups
https://ssrf.dev/tags/claude-code/
tag: claude-code | ssrf.dev
https://threatpost.com/ssrf-flaw-fintech-bank-accounts/179247/
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts | Threatpost
Apr 7, 2022 - Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers...
https://tarnkappe.info/artikel/it-sicherheit/microsoft-copilot-studio-datenleck-durch-ssrf-schwachstelle-moeglich-300506.html
Microsoft Copilot Studio: Data leak possible through SSRF vulnerability
Aug 22, 2024 - The SSRF vulnerability CVE-2024-38206 allowed Copilot Studio to access internal services in Microsoft's data centers.
https://www.sjoerdlangkemper.nl/2016/10/11/ssrf-in-ladesk-liveagent/
SSRF in LiveAgent
The helpdesk software LiveAgent makes it possible to configure a SMTP server. Since it does not validate the SMTP server parameter and returns the response of...
https://www.anquanke.com/post/id/312467
CVE-2025-9868 Nexus Repository 2 – Reproducing the unauthenticated SSRF vulnerability caused by the Remote Browser plugin - 安全KER - Security news platform
https://ssrf.dev/tags/misc/
tag: misc | ssrf.dev
https://seclists.org/oss-sec/2025/q4/242
oss-sec: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
https://securityonline.info/the-must-patch-release-wordpress-6-9-2-scrambles-to-fix-10-critical-flaws-from-xss-to-ssrf/
The 'Must-Patch' Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF
Mar 11, 2026 - Urgent: WordPress 6.9.2 patches 10 critical security flaws, including XSS, SSRF, and path traversal. Update your site immediately to prevent exploitation.
https://www.aikido.dev/blog/astro-full-read-ssrf-via-host-header-injection
Astro SSRF Vulnerability: Host Header Injection in SSR Error Pages (CVE-2026-25545)
Feb 25, 2026 - Aikido Security's AI pentesting agent discovered a Server-Side Request Forgery vulnerability in Astro's SSR implementation. Learn how Host header injection in...
https://patchstack.com/database/wordpress/plugin/ultimate-addons-for-gutenberg/vulnerability/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability
Server Side Request Forgery (SSRF) in WordPress Spectra Plugin - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
https://ssrf.dev/tags/security/
tag: security | ssrf.dev
https://blog.flatt.tech/entry/github_ssrf_h1-512
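How I reported a vulnerability (SSRF) that allowed access to GitHub's internal network - GMO Flatt Security Blog
Jul 31, 2023 - The vulnerability explained in this post existed in a feature called GitHub Enterprise Importer, which was in private beta at the time. This feature, from the following environments, GitHub Enterprise...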
https://patchstack.com/database/wordpress/plugin/broken-link-checker/vulnerability/wordpress-broken-link-checker-plugin-2-4-2-admin-ssrf-vulnerability
Server Side Request Forgery (SSRF) in WordPress Broken Link Checker Plugin - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
https://www.hackerone.com/blog/how-server-side-request-forgery-ssrf
How To: Server-Side Request Forgery (SSRF) | HackerOne
Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s...
https://www.gecko.security/blog/cve-2025-54381
CVE-2025-54381: BentoML SSRF in File Upload Processing | Gecko Security
Jul 29, 2025 - Server-side request forgery vulnerability in BentoML's file upload processing system allowing arbitrary HTTP requests from the server.
https://ssrf.dev/posts/2026/03/27/personal-gha-security-tips/
Things I personally watch out for around GitHub Actions | ssrf.dev
https://github.com/mybb/mybb/security/advisories/GHSA-qfrj-65mv-h75h
Incomplete disallowed remote addresses list SSRF · Advisory · mybb/mybb · GitHub
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
https://docs.n8n.io/hosting/securing/ssrf-protection/
SSRF protection | n8n Docs
Protect your self-hosted n8n instance from Server-Side Request Forgery (SSRF) attacks.
https://dropbox.tech/security/bug-bounty-program-ssrf-attack
Defending against SSRF attacks (with help from our bug bounty program) - Dropbox