https://app-attack-matrix.com/techniques/Payload%20Execution/Request%20Forgery/subtechniques/SSRF/
Server-Side Request Forgery (SSRF) - Application Security Tactics & Techniques Matrix
https://newclawtimes.com/articles/openclaw-2026-4-9-memory-dreaming-security-hardening-android/
OpenClaw v2026.4.9 Ships REM Memory Backfill, SSRF Hardening, and Android Pairing Overhaul
Apr 9, 2026 - OpenClaw v2026.4.9 adds REM memory backfill, SSRF security hardening, character-vibes QA evals, and Android pairing overhaul
https://www.sentinelone.com/vulnerability-database/cve-2025-52477/
CVE-2025-52477: Octo-STS SSRF Vulnerability
CVE-2025-52477 is an SSRF vulnerability in Octo-STS GitHub App. Learn about its impact, affected versions, and mitigation methods.
https://attaxion.com/blog/ssrf-vs-csrf-difference/
Side-by-Side Comparison of SSRF vs. CSRF | Attaxion
Nov 10, 2025 - Check out the difference between SSRF vs. CSRF vulnerabilities. We compared their targets, impact, and mitigation techniques in this post.
https://advisories.gitlab.com/composer/magento/community-edition/CVE-2019-7892/
Server-Side Request Forgery (SSRF) | GitLab Advisory Database (GLAD)
CVE-2019-7892 Server-Side Request Forgery (SSRF): A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,...
https://s4e.io/tools/mindsdb-dns-rebinding-ssrf-protection-bypass-cve-2024-24759
MindsDB - DNS Rebinding SSRF Protection Bypass CVE-2024-24759 Scanner
Detects 'SSRF' vulnerability in mindsdb that allows bypass of SSRF protection via DNS rebinding. Affects versions before 23.12.4.2.
https://sast.online/news/2025/grafana-flaws-likely-targeted-in-broad-ssrf-exploitation-campaign
Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign - Online Static application...
https://advisories.gitlab.com/composer/czim/file-handling/CVE-2024-47049/
czim/file-handling vulnerable to SSRF and directory traversal | GitLab Advisory Database (GLAD)
CVE-2024-47049 czim/file-handling vulnerable to SSRF and directory traversal: The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP...
https://advisories.gitlab.com/pypi/changedetection.io/CVE-2026-27696/
changedetection.io is Vulnerable to SSRF via Watch URLs | GitLab Advisory Database (GLAD)
CVE-2026-27696 changedetection.io is Vulnerable to SSRF via Watch URLs: Changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL...
https://advisories.gitlab.com/npm/flowise/GHSA-2x8m-83vc-6wv4/
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) | GitLab Advisory Database (GLAD)
https://advisories.gitlab.com/maven/org.apache.kylin/kylin-ops-server/CVE-2025-61735/
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability | GitLab Advisory Database (GLAD)
CVE-2025-61735 Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability: Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue...
https://barbeque-stuff.hostsite.info/blaze-outdoor-rated-stainless-steel-refrigerator-blz-ssrf-40dh-4-1-cu-ft/
Blaze Outdoor Rated Stainless Steel Refrigerator (BLZ-SSRF-40DH), 4.1 Cu Ft.
Feb 27, 2018 - The Blaze 20-Inch Outdoor Rated Stainless Steel Refrigerator offers a convenient upgrade for your ultimate outdoor kitchen. Featuring heavy duty stainless steel
https://advisories.gitlab.com/npm/openclaw/CVE-2026-43527/
OpenClaw: Browser SSRF policy default allowed private-network navigation | GitLab Advisory Database...
CVE-2026-43527 OpenClaw: Browser SSRF policy default allowed private-network navigation: Browser SSRF policy default allowed private-network navigation.
https://kalilinuxtutorials.com/ssr-fire/
SSR Fire : An Automated SSRF Finder. Give Domain Name And Server
Mar 28, 2022 - SSR Fire is an automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS
https://www.invicti.com/blog/web-security/server-side-request-forgery-vulnerability-ssrf
What is server-side request forgery (SSRF)?
What is server-side request forgery? SSRF allows attackers to send malicious requests to other systems. Learn how SSRF works and how to prevent it.
https://www.sentinelone.com/vulnerability-database/cve-2025-27501/
CVE-2025-27501: OpenZiti SSRF Vulnerability
CVE-2025-27501 is a server-side request forgery vulnerability in OpenZiti. Learn about its impact, affected versions, and mitigation methods.
https://advisories.gitlab.com/npm/@nguniversal/express-engine/CVE-2026-27739/
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline | GitLab...
CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline: A Server-Side Request Forgery (SSRF) vulnerability has...
https://advisories.gitlab.com/npm/postiz/GHSA-vj2p-7pgw-g2wf/
Postiz App has a High-Severity SSRF Vulnerability via Next.js | GitLab Advisory Database (GLAD)
GHSA-vj2p-7pgw-g2wf Postiz App has a High-Severity SSRF Vulnerability via Next.js: A successful SSRF attack allows an attacker to: Bypass firewalls to scan and...
https://ms-infra.de/cve-2026-45400-open-webui-server-side-request-forgery-ssrf-bypass-in-validate_url/
CVE-2026-45400 - Open WebUI: Server-Side Request Forgery (SSRF) bypass in `validate_url` - Manuel...
May 16, 2026 - CVE ID: CVE-2026-45400 Published: May 15, 2026, 9:16 p.m. | 51 minutes ago Description: Open WebUI is a self-hosted artificial intelligence platform designed
https://www.miggo.io/vulnerability-database/cve/CVE-2022-45400
CVE-2022-45400: Jenkins JAPEX Plugin XXE SSRF | Miggo
Jenkins JAPEX Plugin XXE in the 'Record Japex test report' post-build step processes crafted XML, extracting secrets and performing SSRF on the controller.
https://japspirit.com/tag/ssrf-design/
SSRF DESIGN - JAP SPIRIT
https://www.pentesttesting.com/ssrf-vulnerability-in-wordpress/
Fix SSRF Vulnerability in WordPress: 7 Effective Ways
Sep 2, 2025 - Stop Server-Side Request Forgery SSRF Vulnerability in WordPress with 7 proven fixes, secure code examples, and hardening tips for plugins, themes, and servers.
https://portswigger.net/web-security/ssrf/lab-ssrf-with-whitelist-filter
Lab: SSRF with whitelist-based input filter | Web Security Academy
This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at ...
https://guard-api.com/guides/how-to-fix-ssrf-in-spiral/
Fix SSRF (Server Side Request Forgery) in Spiral | GuardAPI Security Guide
https://advisories.gitlab.com/composer/magento/community-edition/CVE-2023-29291/
Magento Open Source allows Server-Side Request Forgery (SSRF) | GitLab Advisory Database (GLAD)
CVE-2023-29291 Magento Open Source allows Server-Side Request Forgery (SSRF): Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3...
https://zerodai.com/en/vulnerabilities/cve/cve-2024-10044
CVE-2024-10044 [CRITICAL]: A Server-Side Request Forgery (SSRF) vulnerability exists in the POST...
Jul 29, 2025 - A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat,...
https://advisories.gitlab.com/golang/github.com/centrifugal/centrifugo/v5/CVE-2026-32301/
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL | GitLab...
CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL: Centrifugo is vulnerable to Server-Side Request Forgery...
https://advisories.gitlab.com/pypi/weblate/CVE-2026-34244/
Weblate: SSRF via Project-Level Machinery Configuration | GitLab Advisory Database (GLAD)
CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration : A user with the project.edit permission (granted by the per-project "Administration"...
https://www.miggo.io/vulnerability-database/cve/GHSA-97m3-52wr-xvv2
GHSA-97m3-52wr-xvv2: Dompdf SVG Font Phar RCE/SSRF | Miggo
Dompdf path traversal in php-svg-lib's CSS font parsing triggers PHAR deserialization for RCE or SSRF via a malicious SVG font-family property processing.
https://www.sentinelone.com/vulnerability-database/cve-2026-26135/
CVE-2026-26135: Azure Custom Locations SSRF Vulnerability
CVE-2026-26135 is a server-side request forgery vulnerability in Azure Custom Locations Resource Provider. Learn about its impact, affected versions, and...
https://14thfleet.com/forum/calendar-1-year-2025-month-11-day-26.html
SSRF Main Forums - Calendar
https://www.miggo.io/vulnerability-database/cve/CVE-2025-52477
CVE-2025-52477: Octo STS OpenID Token SSRF Flaw | Miggo
Octo STS unauthenticated SSRF from crafted OpenID Connect tokens triggers internal network requests, exposing sensitive data through reflected error logs.
https://rosecurify.com/advisories/RO-26-001-mailpit-server-side-request-forgery-ssrf/
Mailpit - Server-Side Request Forgery (SSRF) · Rosecurify
https://www.miggo.io/vulnerability-database/cve/CVE-2023-46124
CVE-2023-46124: Fides Integration Upload SSRF | Miggo
Fides SSRF in custom integration upload permits arbitrary requests to internal systems and data exfiltration via malicious YAML dataset configurations.
https://advisories.gitlab.com/pypi/open-webui/CVE-2024-7959/
Open WebUI has SSRF in /openai/models | GitLab Advisory Database (GLAD)
CVE-2024-7959 Open WebUI has SSRF in /openai/models: The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request...
https://s4e.io/tools/axios-server-side-request-forgery-credential-disclosure-cve-2025-27152
CVE-2025-27152 Scanner - Server-Side Request Forgery (SSRF) and Credential Disclosure vulnerability...
https://www.miggo.io/vulnerability-database/cve/CVE-2023-28675
CVE-2023-28675: Jenkins OctoPerf SSRF/CSRF Flaw | Miggo
Jenkins OctoPerf Load Testing Plugin's missing permission checks and CSRF in HTTP endpoints permit attackers to forge unauthorized server connections.
https://www.apyguard.com/resources/guides/owasp-api7-ssrf
OWASP API7: Server-Side Request Forgery (SSRF) | ApyGuard
OWASP API7:2023 Server-Side Request Forgery in APIs: how SSRF works in microservice environments, common patterns, and detection and prevention techniques.
https://advisories.gitlab.com/golang/github.com/gravitational/teleport/GHSA-hw4x-mcx5-9q36/
Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from...
GHSA-hw4x-mcx5-9q36 Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users: An authenticated...
https://swisskyrepo.github.io/PayloadsAllTheThings/Server%20Side%20Request%20Forgery/SSRF-Advanced-Exploitation/
SSRF Advanced Exploitation - Payloads All The Things
Payloads All The Things, a list of useful payloads and bypasses for Web Application Security
https://www.sentinelone.com/vulnerability-database/cve-2026-40516/
CVE-2026-40516: OpenHarness SSRF Vulnerability
CVE-2026-40516 is a server-side request forgery vulnerability in OpenHarness. Learn about its impact, affected versions, and mitigation methods.
https://ari.io/writing/cybersecurity/room-1-ssrf
SSRF challenge
Root-me is a fantastic site for practicing cybersecurity and exploits. Let's tackle room 1
https://www.cve.news/cve-2025-27784/
CVE-2025-27784 - Applio Arbitrary File Read Leads to SSRF Data Exfiltration
Jan 15, 2026 - Published: June 2024 Author: [Your Name] Overview Applio is an open-source voice conversion toolkit, popular among hobbyists and professionals seeking to...
https://advisories.gitlab.com/composer/admidio/admidio/CVE-2026-32812/
Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint...
CVE-2026-32812 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint: The SSO metadata fetch endpoint at...
https://www.websecurityinsights.my.id/2025/10/cve-2025-55971-tcl-smart-tv-ssrf.html
CVE-2025-55971 - TCL Smart TV SSRF Vulnerability
Web Security Insights: Your ultimate guide to cyber security. Learn how to prevent hacking, protect your data, and keep yourself safe online.
https://techdocs.f5.com/en-us/bigip-21-1-0/big-ip-asm-implementations/mitigating-ssrf/about-configuring-ssrf.html
About configuring SSRF | BIG-IP Documentation
May 19, 2026 - Usage information and technical documentation for BIG-IP and other related F5 products
https://advisories.gitlab.com/npm/openclaw/CVE-2026-32019/
OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard | GitLab Advisory...
CVE-2026-32019 OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard: isPrivateIpv4() in bundled SSRF guard code missed several IPv4...