Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction
Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)
SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient
Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests
WeKan < 8.35 SSRF via Webhook URL
Craft CMS has a host header injection leading to SSRF via resource-js endpoint
Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations
AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
AVideo has an incomplete fix for CVE-2026-33039 (SSRF)
Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack
Bagisto Downloadable Link copy server-side request forgery
FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints
Glances IP Plugin has SSRF via public_api that leads to credential leakage
OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Plugin Download
OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirect
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Vexa Webhook Feature has a SSRF Vulnerability
Vvveb < 1.0.8.1 SSRF via oEmbedProxy
Qibo CMS headers server-side request forgery
moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
Showing 1 - 20 of 1,000+ results