Ssrf

A Server-Side Request Forgery (SSRF) vulnerability exists in Hugo versions 0.162.0 through 0.163.0, where the 'security.http.urls' policy designed to deny requests to loopback, internal, and cloud-metadata IPv4 literals could be bypassed as the policy only matched dotted-decimal notation, allowing alternate IPv4 encodings (integer, hex, octal) to pass, enabling build-time server-side requests to internal services and cloud-metadata endpoints when untrusted or data-derived URLs are passed to 'resources.GetRemote'.

A remote, unauthenticated attacker can exploit an unpatched Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI Docker API versions up to 0.8.9, specifically targeting the `/crawl/stream` endpoint, to read internal network services and cloud-metadata endpoints, potentially exposing sensitive information like IAM credentials.

A Server-Side Request Forgery (SSRF) vulnerability in PraisonAI's `praisonaiagents` package (versions prior to 1.6.61), specifically within the `searxng_search` and `search_web` tools, allows an attacker to exploit prompt injection by controlling the `searxng_url` parameter, enabling the server to make requests to arbitrary internal endpoints, read responses, perform network enumeration, and potentially expose cloud instance credentials.

Nodemailer versions up to 9.0.0 are vulnerable to arbitrary local file read and full-response Server-Side Request Forgery (SSRF) when handling untrusted input for the message-level `raw` option, bypassing intended security flags and allowing sensitive content to be exfiltrated via an attacker-controlled recipient.

SourceCodester SEO Meta Tag Extractor 1.0 is vulnerable to server-side request forgery (SSRF) via manipulation of the 'url' argument in the get_headers function of the /index.php file, potentially allowing a remote attacker to make requests to internal or external systems.

Koel is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of podcast episode enclosure URLs, allowing a remote attacker to inject a malicious URL into the enclosure field of a podcast RSS feed, leading to internal network reconnaissance and potential credential theft; this issue is tracked as CVE-2026-47260.

MoviePilot v2 is vulnerable to server-side request forgery (SSRF) in the image proxy endpoint, allowing authenticated attackers to request arbitrary URLs, enumerate internal services, and exfiltrate data from internal network resources by bypassing internal network protections.

Gotenberg's `IsPublicIP` function incorrectly classifies IPv6 6to4, NAT64, and deprecated site-local addresses as public IPs, enabling an unauthenticated attacker to reach internal destinations such as cloud metadata services.

Multiple vulnerabilities in Elastic Kibana allow for privilege escalation, remote denial of service, data breach, server-side request forgery (SSRF), and cross-site scripting (XSS).

CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.

A remote, authenticated attacker can exploit multiple vulnerabilities in OpenClaw to bypass security mechanisms, gain elevated privileges, disclose information, manipulate configurations, execute arbitrary commands or code, and attack internal systems via SSRF.

Multiple vulnerabilities in Symfony, including SSRF, XSS, and security policy bypass, can be exploited by an attacker to compromise the application.

A public exploit is available for EspoCRM 9.3.3, exploiting a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-33534) allowing authenticated attackers to potentially access internal resources.

A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-9372, exists in ItzCrazyKns Vane up to version 1.12.1, allowing a remote attacker to manipulate the baseURL argument in the Model Provider API component and potentially conduct internal reconnaissance or access sensitive data.

Multiple vulnerabilities in Roundcube Webmail versions 1.6.x before 1.6.16 and 1.7.x before 1.7.1 could lead to remote code execution, data confidentiality breaches, data integrity breaches, SSRF, and SQL Injection.

Nezha Monitoring is vulnerable to a server-side request forgery (SSRF) vulnerability, where a low-privilege RoleMember user can call notification routes and send HTTP requests to a user-controlled URL, with the entire response body reflected back to the caller, potentially exposing intranet resources and causing denial of service.

A remote attacker can exploit multiple vulnerabilities in PHP to disclose information, cause a denial-of-service condition, perform a Server-Side Request Forgery (SSRF) attack, or achieve unknown impacts.

A server-side request forgery (SSRF) vulnerability exists in `@angular/platform-server` due to improper processing of the request URL by the server-side rendering engine, allowing attackers to redirect relative HTTP requests to attacker-controlled servers, potentially exposing internal APIs or metadata services; patch CVE-2026-46417 immediately.

SillyTavern version 1.17.0 is vulnerable to server-side request forgery (SSRF) via the `/api/search/searxng` route, allowing authenticated low-privilege users to control the `baseUrl` parameter for outbound server-side fetches, potentially disclosing sensitive information from internal HTTP services or cloud metadata endpoints.

The auth-fetch-mcp package is vulnerable to server-side request forgery (SSRF) and disk exfiltration due to unvalidated URLs in the `download_media` and `auth_fetch` tools, allowing an attacker to fetch internal resources, cloud metadata, or loopback addresses, potentially leading to credential theft, internal service enumeration, and sensitive information disclosure.

The zrok Python SDK `ProxyShare` is vulnerable to server-side request forgery (SSRF) via CVE-2026-45568. When a user sends a request with an absolute URL in the path, the Flask handler passes that path to `urllib.parse.urljoin`, which replaces the configured target host with the user-supplied host, causing the proxy to send the request to an attacker-chosen URL.

Multiple functions in open-apis conduct substring-only matching to validate hostnames, allowing an attacker to perform Server-Side Request Forgery (SSRF) and capture authentication credentials by redirecting requests to an attacker-controlled endpoint.

HAXcms is vulnerable to Server-Side Request Forgery (SSRF) via the createSite endpoint, allowing an authenticated user to supply arbitrary URLs or local file paths, which are fetched server-side without validation and written to a web-accessible directory, enabling arbitrary file read, internal network access, and cloud credential exposure; this vulnerability is tracked as CVE-2026-46393.

Dozzle is vulnerable to a pre-authentication Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-45298) in the default no-auth deployment that can expose internal resources.

The mcp-security framework fails to implement SSRF mitigations outlined in the Model Context Protocol, processing untrusted URLs for OAuth-related discovery and metadata without verification, affecting installations with Dynamic Client Registration (DCR) enabled and exposing them to potential Server-Side Request Forgery (SSRF) attacks, tracked as CVE-2026-45609.

Vulnerability CVE-2026-8768 describes a server-side request forgery (SSRF) flaw in the validateDownloadUrl function of the provider-utils component in Vercel AI versions up to 3.0.97, enabling remote attackers to potentially make internal requests.

A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-8725, exists in CoreWorxLab CAAL up to version 1.6.0, allowing remote attackers to potentially trigger internal requests.

A public exploit has been released for CVE-2019-0227, a Server-Side Request Forgery vulnerability in Apache Axis 1.4 and earlier, allowing unauthenticated remote command execution when `enableRemoteAdmin` is true via deployment of a malicious webservice and webshell.

A public exploit, rwsploit, has been released targeting CVE-2012-3152 and CVE-2012-3153 in Oracle Reports Server versions below 11g, enabling unauthenticated file read, SSRF, and JSP shell upload.

Budibase is vulnerable to server-side request forgery (SSRF) via HTTP redirects in the REST datasource integration, allowing authenticated Builders to bypass IP blacklists and access internal services.

Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) can allow an attacker to perform arbitrary code execution, compromise data confidentiality, perform server-side request forgery (SSRF), and other security breaches.

Open WebUI versions 0.9.4 and earlier are vulnerable to Server-Side Request Forgery (SSRF) due to a parsing difference between the urlparse and requests libraries in the `validate_url` function, allowing attackers to bypass URL validation and make requests to internal IP addresses.

DeepSeek TUI is vulnerable to a Server-Side Request Forgery (SSRF) attack (CVE-2026-45310) because the `fetch_url` tool validates the initial URL against a restricted-IP blocklist but fails to re-validate redirect targets, allowing attackers to exfiltrate sensitive information from cloud-hosted instances by using a redirect to a restricted IP address.

DeepSeek TUI is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation against IPv6 addresses. When providing an IPv6 address in a URL as `http://[::1]`, the SSRF defenses are bypassed, potentially allowing access to local restricted resources, tracked as CVE-2026-45373.

Karakeep SDK is vulnerable to SSRF via the `metascraper-logo-favicon` plugin, which bypasses intended SSRF protections by making HTTP requests to URLs extracted from attacker-controlled HTML `<link rel="icon">` tags, allowing authenticated users to trigger server-side requests to arbitrary internal URLs.

ApostropheCMS is vulnerable to authenticated server-side request forgery (SSRF) via rich-text widget import; an attacker with edit access can trigger server-side requests to attacker-controlled URLs during widget validation, enabling internal port scanning and potential data exfiltration by re-hosting image-compatible responses.

The InfusedWoo Pro plugin for WordPress is vulnerable to arbitrary file read in versions up to 5.1.2, allowing unauthenticated attackers to make web requests to arbitrary locations, potentially querying and modifying information from internal services.

CVE-2026-0258 is a medium severity server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations, potentially leading to a denial of service (DoS).

The LangSmith SDK is vulnerable to untrusted manifest deserialization when pulling public prompts via `pull_prompt`, potentially leading to SSRF, prompt injection, or sensitive data exposure; CVE-2026-45134.

Nautobot's Webhook feature is vulnerable to server-side request forgery (SSRF), allowing users with `add` or `change` permissions to make requests to unauthorized hosts, which is fixed in versions 2.4.33 and 3.1.2 by introducing settings to restrict webhook functionality.

Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to Server-Side Request Forgery (SSRF) via a maliciously crafted URL, potentially leading to security feature bypass and unauthorized read access.

Next.js applications using WebSocket upgrades are vulnerable to server-side request forgery (SSRF) through crafted WebSocket upgrade requests, allowing attackers to proxy requests to internal or external destinations, affecting self-hosted applications running versions npm/next (>= 13.4.13, < 15.5.16) and npm/next (>= 16.0.0, < 16.2.5).

GuardDog versions 1.0.0 through 2.9.0 are vulnerable to Server-Side Request Forgery (SSRF) and potential `GH_TOKEN` exfiltration due to a blind URL rewrite in remote project scanning; an attacker can influence the scanned repository URL to trigger SSRF and capture the `GH_TOKEN` used by GuardDog.

n8n-mcp versions before 2.50.1 are vulnerable to path traversal, redirect-following SSRF, and telemetry payload exposure, potentially leading to sensitive information disclosure and unauthorized access.

A server-side request forgery vulnerability in Azure Notification Service allows an authorized attacker to elevate privileges over a network, leading to privilege escalation.

The QuantumNous new-api is vulnerable to SSRF attacks. The SSRF protection implemented in versions v0.9.0.5 (CVE-2025-59146) and v0.9.6 (CVE-2025-62155) can be bypassed by using the address `0.0.0.0`. An attacker with a valid API token can send a request to `/v1/chat/completions`, `/v1/responses`, or `/v1/messages` with `0.0.0.0` as the image/file URL host, which bypasses the private-IP filter and allows the server to issue HTTP requests to localhost, enabling a blind SSRF and possibly a full-read SSRF in specific configurations.

Multiple vulnerabilities in Cisco Unity Connection allow an attacker to execute arbitrary code with administrator privileges or perform Server-Side Request Forgery (SSRF) attacks.

Gotenberg is vulnerable to Server-Side Request Forgery (SSRF) due to bypassable default deny-lists in the `downloadFrom` and `webhook` features, where case-sensitive regex matching allows attackers to use IPv6 loopback URLs to bypass the deny-list and access internal HTTP services.

Gotenberg is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient hardening in the LibreOffice conversion endpoint, allowing attackers to make outbound HTTP requests by embedding external URLs in uploaded documents, bypassing Gotenberg's SSRF filters, affecting versions up to 8.31.0, and potentially enabling access to internal services, data exfiltration, or port scanning.

A public exploit is available for a Server-Side Request Forgery (SSRF) vulnerability in ThingsBoard IoT Platform 4.2.0, increasing the risk for unpatched systems.

PraisonAI versions 1.6.31 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability due to inconsistent URL parsing between the application's validation logic and the underlying requests library, allowing attackers to bypass intended security checks and access internal resources.

OpenClaw before 2026.4.22 is vulnerable to server-side request forgery (SSRF) due to improper validation of outbound photo URLs in the Zalo plugin's sendPhoto function, allowing attackers to potentially access internal resources by providing malicious photo URLs to the Zalo Bot API.

OpenClaw before version 2026.4.10 contains an incomplete navigation guard vulnerability, allowing attackers to trigger navigation without proper SSRF policy enforcement by bypassing post-action security checks via browser interactions like pressKey and type submit flows, potentially leading to unauthorized Server-Side Request Forgery (SSRF).

A vulnerability in the dssrf npm package allows attackers to bypass SSRF protections by using specially crafted IPv6 addresses, despite documentation claiming IPv6 is disabled, which can lead to internal resource access or other malicious activities.

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code or conduct server-side request forgery (SSRF) attacks.

ssrfcheck version 1.3.0 and earlier is vulnerable to server-side request forgery (SSRF) attacks because it fails to block private IP addresses encoded as IPv4-mapped IPv6 addresses due to WHATWG URL parsing.

Open-WebSearch has a Server-Side Request Forgery (SSRF) vulnerability in the `fetchWebContent` MCP tool due to improper validation of IPv6 literals and lack of DNS resolution, allowing attackers to fetch arbitrary private-network URLs and receive the response body.

The `ssrfcheck` npm package is vulnerable to SSRF bypass due to an incomplete denylist of IP addresses. The package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid, allowing potential SSRF attacks. All versions up to and including 1.1.1 are affected. A patch has been released in version 1.2.0.

The PixelYourSite Pro WordPress plugin is vulnerable to server-side request forgery (SSRF), allowing unauthenticated attackers to make arbitrary web requests from the server, potentially querying or modifying internal services.

The n8n-mcp SDK embedder path is vulnerable to server-side request forgery (SSRF) due to the synchronous URL validator in `SSRFProtection.validateUrlSync()` not checking for IPv6 addresses, allowing attackers to access cloud metadata endpoints, RFC1918 private networks, or localhost services by supplying a crafted `n8nApiUrl`.

OpenClaw before 2026.4.8 is vulnerable to server-side request forgery (SSRF) in QQ Bot media download paths, allowing attackers to bypass SSRF protections and access internal resources.

A server-side request forgery (SSRF) vulnerability in ChatGPTNextWeb NextChat up to version 2.16.1 allows remote attackers to manipulate the proxyHandler function, potentially leading to unauthorized internal resource access.

A server-side request forgery (SSRF) vulnerability exists in Typecho up to version 1.3.0, allowing remote attackers to manipulate the X-Pingback/link argument in the Service::sendPingHandle function to potentially make arbitrary HTTP requests.

WWBN AVideo versions 29.0 and below are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix in the LiveLinks proxy, potentially allowing attackers to redirect traffic to internal endpoints.

A server-side request forgery (SSRF) vulnerability exists in moxi624 Mogu Blog v2 up to version 5.2, specifically affecting the `LocalFileServiceImpl.uploadPictureByUrl` function, allowing remote attackers to potentially interact with internal resources.

Movary versions before 0.71.1 are vulnerable to server-side request forgery (SSRF) via the `/settings/jellyfin/server-url-verify` endpoint, allowing authenticated users to probe internal network resources.

Flowise is vulnerable to SSRF protection bypass via unprotected built-in HTTP modules in the custom function sandbox, allowing authenticated users to access internal network resources by exploiting the lack of SSRF protection on Node.js `http`, `https`, and `net` modules.

A Server-Side Request Forgery (SSRF) vulnerability in Webkul Krayin CRM v2.2.x allows attackers to scan internal resources by sending a crafted POST request to the /settings/webhooks/create endpoint.

A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests, enabling unauthorized access to internal services, cloud metadata endpoints, and data exfiltration.

SiYuan is vulnerable to zero-click NTLM hash theft on Windows and blind SSRF on all platforms due to insecure Mermaid.js configuration, where a malicious Mermaid diagram containing a protocol-relative URL can be injected into a note, causing the Electron client to fetch the URL, triggering SMB authentication on Windows and sending the victim's NTLMv2 hash to the attacker. On macOS and Linux, the request acts as a tracking pixel and blind SSRF.

Postiz, an AI social media scheduling tool, is vulnerable to Server-Side Request Forgery (SSRF) in versions prior to 2.21.5, allowing attackers to access internal resources.

A Server-Side Request Forgery (SSRF) vulnerability exists in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3, allowing authenticated attackers to make arbitrary HTTP requests, scan internal ports, and access cloud instance metadata via the Social Wall feature.

PraisonAI versions prior to 4.5.128 are vulnerable to Server-Side Request Forgery (SSRF) due to a lack of URL validation on the webhook_url parameter in the /api/v1/runs endpoint, allowing unauthenticated attackers to send arbitrary POST requests from the server.

Axios is vulnerable to a NO_PROXY hostname normalization bypass leading to SSRF, where requests to loopback addresses like `localhost.` or `[::1]` bypass `NO_PROXY` rules, allowing attackers to force requests through a proxy and potentially exfiltrate sensitive data.

Plane project management tool versions before 1.3.0 are vulnerable to Server-Side Request Forgery (SSRF), allowing authenticated low-privilege attackers to read internal resources by exploiting the favicon fetch functionality.

The mcp-from-openapi library is vulnerable to Server-Side Request Forgery (SSRF) due to insecure handling of $ref pointers in OpenAPI specifications, allowing attackers to read local files, internal network resources, and cloud metadata endpoints by processing untrusted OpenAPI specifications.

CVE-2026-1343 allows an attacker to contact internal authentication endpoints protected by the Reverse Proxy in IBM Verify Identity Access Container and IBM Security Verify Access Container.

WWBN AVideo is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix for CVE-2026-27732, allowing authenticated uploaders to bypass SSRF protection by providing a `downloadURL` with a common media extension, leading to internal response exfiltration.

OpenObserve versions 0.70.3 and earlier are vulnerable to a server-side request forgery (SSRF) attack due to improper validation of IPv6 addresses in the validate_enrichment_url function, potentially allowing authenticated attackers to access internal services and retrieve sensitive cloud metadata.

The text-generation-webui application before version 4.3 is vulnerable to server-side request forgery (SSRF) due to insufficient validation of user-supplied URLs by the superbooga and superboogav2 RAG extensions, potentially leading to credential theft and internal network reconnaissance.

A server-side request forgery (SSRF) vulnerability exists in assafelovic gpt-researcher up to version 3.4.3, affecting the ws Endpoint component, allowing a remote attacker to manipulate the source_urls argument and potentially access internal resources or conduct further attacks.

A critical Server-Side Request Forgery (SSRF) vulnerability in Budibase's REST datasource connector allows attackers with Builder privileges to exfiltrate sensitive data from internal network services due to a missing default IP blacklist.

curl_cffi versions before 0.15.0 are vulnerable to server-side request forgery (SSRF) due to unrestricted redirects to internal IP ranges, potentially enabling access to sensitive internal resources and cloud metadata.

prompts.chat prior to commit 30a8f04 is vulnerable to server-side request forgery (SSRF) in Fal.ai media status polling, allowing authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs, leading to potential credential theft and internal network probing.

Ech0 is vulnerable to Server-Side Request Forgery (SSRF) due to an unauthenticated API endpoint (`/api/website/title`) that fetches website titles from user-controlled URLs, lacking proper validation and TLS verification, allowing attackers to access internal resources and potentially cause denial of service.

A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-33107, exists in Azure Databricks, allowing an unauthorized attacker to elevate privileges over a network.

A server-side request forgery (SSRF) vulnerability exists in huimeicloud hm_editor up to version 2.2.3, allowing remote attackers to manipulate the 'url' argument in the client.get function of src/mcp-server.js to potentially access internal resources.

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 5.6.2, allowing unauthenticated attackers to make arbitrary web requests and potentially query or modify internal services.

PraisonAI versions 4.5.89 and earlier are vulnerable to SSRF via the `api_base` parameter in the `passthrough()` function, allowing attackers to make requests to internal services or external hosts, potentially leading to IAM credential theft on cloud infrastructure or access to internal services within the VPC.

Payload CMS versions before 3.79.1 are vulnerable to Server-Side Request Forgery (SSRF) allowing authenticated users with upload access to trigger outbound HTTP requests to arbitrary URLs.

A server-side request forgery vulnerability exists in elecV2 elecV2P up to 3.8.3, affecting the eAxios function within the /mock URL handler, allowing remote attackers to manipulate the req argument and potentially conduct internal reconnaissance or other malicious activities.

LibreChat versions prior to 0.8.3 are vulnerable to Server-Side Request Forgery (SSRF), allowing authenticated users to bypass IP address validation and make the server issue HTTP requests to internal network resources.

A server-side request forgery (SSRF) vulnerability exists in the `clerkFrontendApiProxy` function of the `@clerk/backend` package, allowing an unauthenticated attacker to send the application's `Clerk-Secret-Key` to an attacker-controlled server.

The Oxygen Theme for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in versions up to 6.0.8, allowing unauthenticated attackers to make arbitrary web requests via the laborator_calc_route AJAX action.

LinkAce versions prior to 2.5.3 are vulnerable to server-side request forgery (SSRF), allowing an authenticated user to trigger server-side requests to internal services by referencing internal hostnames.

A high-severity SSRF vulnerability exists in the Postiz application via Next.js, allowing attackers to bypass firewalls, scan internal networks, access sensitive cloud metadata (AWS IMDS), potentially leak instance credentials, and pivot within the internal network.

A server-side request forgery (SSRF) vulnerability (CVE-2026-4953) exists in mingSoft MCMS version 5.5.0, allowing remote attackers to manipulate the 'catchimage' argument in the catchImage function to potentially access or interact with internal resources.

Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.

An anonymous remote attacker can exploit multiple vulnerabilities in cPanel/WHM to bypass security measures, perform XSS and SSRF attacks, disclose information, and potentially execute code.

A remote attacker can exploit multiple vulnerabilities in Apache CXF to disclose information and perform Server-Side Request Forgery (SSRF) attacks.

A server-side request forgery (SSRF) vulnerability exists in the DefaultFuction Jeson-Customer-Relationship-Management-System's API Module, specifically affecting the /api/System.php file, allowing remote attackers to manipulate the 'url' argument and potentially access internal resources.

AVideo versions up to 26.0 are vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the `plugin/Live/test.php` endpoint, allowing attackers to make the server send arbitrary HTTP requests, potentially exposing internal resources and cloud metadata.

A server-side request forgery (SSRF) vulnerability in Monetr's Lunch Flow integration allows authenticated users on self-hosted instances to send HTTP GET requests to arbitrary URLs, potentially exposing sensitive information.

PhpSpreadsheet is vulnerable to Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) due to improper validation of filenames in the IOFactory::load function, exploitable via PHP wrappers like `phar://` and `ftp://`.

Versions of i18next-http-middleware before 3.9.3 are vulnerable to prototype pollution, path traversal, and server-side request forgery (SSRF) due to improper validation of user-controlled language and namespace parameters, potentially leading to denial of service or remote code execution.

A server-side request forgery (SSRF) vulnerability exists in BigSweetPotatoStudio HyperChat up to version 2.0.0-alpha.63, allowing a remote attacker to manipulate the 'baseurl' argument in the 'fetch' function of the AI Proxy Middleware component to make arbitrary HTTP requests.

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in MagicMirror² allows remote attackers to force the server to perform arbitrary HTTP requests, exfiltrate environment variables, and potentially compromise cloud instances or internal networks.

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) allowing authenticated attackers with Contributor-level access or higher to make arbitrary requests and retrieve sensitive information from internal services.

Nginx-UI version 2.3.4 and earlier is vulnerable to Server-Side Request Forgery (SSRF) allowing authenticated users to access internal services by manipulating cluster node configurations.

A server-side request forgery (SSRF) vulnerability exists in AlejandroArciniegas' mcp-data-vis due to improper handling of HTTP requests, potentially allowing remote attackers to make arbitrary requests through the vulnerable server.

pygeoapi versions 0.23.0 to 0.23.2 contain an unauthenticated server-side request forgery (SSRF) vulnerability where OGC API process execution requests can use the subscriber object to make requests to internal HTTP services, which is resolved in version 0.23.3 by disabling internal requests by default.

An authenticated server-side request forgery (SSRF) vulnerability affects the webhook trigger tools and the n8n API client in n8n-mcp versions 2.18.7 to before 2.50.2, allowing attackers to make HTTP requests from the n8n-mcp host to internal services and cloud metadata endpoints, potentially leading to credential theft and internal service enumeration.

A server-side request forgery vulnerability exists in JoeCastrom mcp-chat-studio up to version 1.5.0 in the LLM Models API component, allowing remote attackers to manipulate the req.query.base_url argument and potentially conduct further attacks.

FireFighter versions before 0.0.54 are vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the `/api/v2/firefighter/raid/jira_bot` endpoint, allowing attackers to potentially steal IAM credentials in cloud environments.

edx-enterprise versions 7.0.2 through 7.0.4 are vulnerable to server-side request forgery (SSRF) via a SAML metadata URL in the `sync_provider_data` endpoint, allowing an authenticated Enterprise Admin to trigger arbitrary HTTP requests from the server.

ChatGPTNextWeb NextChat versions up to 2.16.1 are vulnerable to server-side request forgery (SSRF) due to improper input validation in the storeUrl function, allowing remote attackers to potentially access internal resources or conduct other malicious activities.

AVideo is vulnerable to Server-Side Request Forgery (SSRF) due to improper validation of user-supplied URLs that does not prevent HTTP redirects, and DNS rebinding due to discarded resolved IP addresses.

WeKan before 8.35 is vulnerable to server-side request forgery (SSRF), allowing attackers with integration modification privileges to set webhook URLs to internal network addresses, leading to unauthorized HTTP POST requests and potential comment manipulation.

A server-side request forgery vulnerability exists in TencentCloudBase CloudBase-MCP up to version 2.17.0, allowing remote attackers to manipulate the `req.body.url` argument in the `openUrl` function of `mcp/src/interactive-server.ts` to conduct SSRF attacks.

A vulnerability in RustFS allows a non-admin user to overwrite a shared admin-defined notification target, leading to event interception and audit evasion due to missing admin-action authorization on notification target admin API endpoints.

A server-side request forgery (SSRF) vulnerability exists in BidingCC BuildingAI up to version 26.0.1, allowing remote attackers to manipulate the `url` argument in the `uploadRemoteFile` function of `file-storage.service.ts` to conduct SSRF attacks.

A server-side request forgery (SSRF) vulnerability exists in Algovate xhs-mcp 0.8.11 within the xhs_publish_content function, allowing a remote attacker to manipulate the media_paths argument and potentially access internal resources.

Ech0 is vulnerable to Server-Side Request Forgery (SSRF) via the `fetchPeerConnectInfo` function, which uses `httpUtil.SendRequest` without SSRF protection, allowing authenticated users to make the server request arbitrary URLs, including internal/cloud metadata endpoints.