Server-Side Request Forgery

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines

• Vulnerability Report

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines

Do Son April 23, 2026 0

On April 21, 2026, a high-severity Server-Side Request Forgery (SSRF) vulnerability was disclosed in LMDeploy, a popular...

Read More Read more about CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

• Vulnerability Report

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

Do Son March 2, 2026 0

Developers relying on Angular’s Server-Side Rendering (SSR) capabilities need to double-check their security configurations. A highly critical...

Read More Read more about Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

• Vulnerability Report

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

Do Son October 17, 2025 0

Zimbra has released an emergency security patch (version 10.1.12) to address a critical Server-Side Request Forgery (SSRF)...

Read More Read more about Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

• Vulnerability

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Do Son July 30, 2025 0

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

Read More Read more about Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

• Vulnerability Report

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Do Son July 23, 2025 0

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

Read More Read more about Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Critical Vulnerabilities Found in Nimesa Backup and Recovery Software

• Vulnerability Report

Critical Vulnerabilities Found in Nimesa Backup and Recovery Software

Do Son July 8, 2025 0

JPCERT/CC has issued a warning about two serious vulnerabilities in the Nimesa Backup and Recovery solution, a...

Read More Read more about Critical Vulnerabilities Found in Nimesa Backup and Recovery Software

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

• Vulnerability Report

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Do Son June 19, 2025 0

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users...

Read More Read more about SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server

• Vulnerability

Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server

Do Son April 10, 2025 0

LNbits, the modular and extendable Lightning Network wallet server, has patched a critical Server-Side Request Forgery (SSRF)...

Read More Read more about Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server

Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

• Vulnerability

Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Do Son January 15, 2025 0

Veeam, a prominent player in data management and backup solutions, has recently disclosed a critical vulnerability in...

Read More Read more about Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Critical SSRF Vulnerability (CVE-2024-53353) Found in Invoice Ninja

• Vulnerability

Critical SSRF Vulnerability (CVE-2024-53353) Found in Invoice Ninja

Do Son December 27, 2024 0

A newly identified Server-Side Request Forgery (SSRF) vulnerability in Invoice Ninja, a popular open-source invoicing and project...

Read More Read more about Critical SSRF Vulnerability (CVE-2024-53353) Found in Invoice Ninja

CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit

• Vulnerability

CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit

Do Son December 16, 2024 0

A critical XML External Entity (XXE) Injection vulnerability, identified as CVE-2024-55875, has been discovered in the http4k...

Read More Read more about CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit

Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action

• Vulnerability

Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action

Do Son July 1, 2024 0

The Apache Software Foundation has issued an urgent security advisory, disclosing multiple vulnerabilities in its widely used...

Read More Read more about Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action

CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks

• Vulnerability

CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks

Do Son June 3, 2024 0

A significant security vulnerability has been uncovered in the widely-used node-ip npm package, which is designed to...

Read More Read more about CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks

CVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework

• Vulnerability

CVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework

Do Son May 9, 2024 0

Next.js, a leading framework for building full-stack web applications, is widely adopted by some of the world’s...

Read More Read more about CVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

• Vulnerability

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Do Son March 24, 2024 0

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely...

Read More Read more about CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities

• Vulnerability

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities

Do Son January 4, 2024 0

Teleport, a renowned platform offering centralized authentication and auditing for servers and cloud applications, has recently found...

Read More Read more about Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities