Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
14 articles

#SSRF

All CosmicBytez Labs articles tagged #SSRF, across news, security advisories, how-to guides, and projects.

  • SecurityJul 11, 2026

    CVE-2026-55229: Gotenberg SSRF via LibreOffice Bypasses Built-in Protections

    A server-side request forgery vulnerability in Gotenberg's LibreOffice conversion endpoint allows crafted documents to silently probe internal network...

  • SecurityJul 4, 2026

    CVE-2026-22874: Gitea SSRF Filter Bypass Exposes Cloud Credentials

    Gitea versions through 1.26.2 use an incomplete IP filter that allows authenticated users to reach AWS Instance Metadata, Azure WireServer, and...

  • SecurityJul 3, 2026

    CVE-2026-45499: Azure OpenAI SSRF Enables Privilege Escalation — CVSS 9.9

    A critical server-side request forgery vulnerability in Azure OpenAI rated CVSS 9.9 allows an authorized attacker to escalate privileges over the network,...

  • NewsJun 24, 2026

    CVE-2026-20230: Cisco Unified CM WebDialer SSRF Now Exploited in the Wild

    Cisco Unified Communications Manager and SME are under active attack via CVE-2026-20230, a high-severity SSRF flaw in the WebDialer component that can...

  • SecurityMay 20, 2026

    scalar/astro Proxy Endpoint Unauthenticated SSRF

    A critical CVSS 9.8 Server-Side Request Forgery vulnerability in scalar/astro v0.1.13 allows unauthenticated attackers to force the backend server to make...

  • NewsApr 26, 2026

    LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

    A high-severity SSRF vulnerability in LMDeploy, a widely used open-source LLM deployment toolkit, was actively exploited in the wild less than 13 hours...

  • SecurityApr 26, 2026

    Typecho 1.3.0 Pingback SSRF via X-Pingback Manipulation

    A CVSS 7.3 server-side request forgery vulnerability in Typecho up to 1.3.0 allows attackers to manipulate the X-Pingback/link argument in Service.php to...

  • SecurityApr 24, 2026

    CVE-2026-32210: Microsoft Dynamics 365 Online SSRF Enables

    A critical server-side request forgery vulnerability in Microsoft Dynamics 365 (Online) allows an unauthenticated remote attacker to perform spoofing over...

  • SecurityApr 3, 2026

    CVE-2026-26135: Azure Custom Locations SSRF Enables

    A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...

  • SecurityApr 1, 2026

    CVE-2026-34162: FastGPT Unauthenticated HTTP Proxy Enables

    A maximum-severity vulnerability in FastGPT AI agent platform exposes an unauthenticated HTTP proxy testing endpoint that accepts arbitrary user-supplied...

  • SecurityMar 29, 2026

    CVE-2026-5016: elecV2P SSRF Vulnerability in URL Handler

    A server-side request forgery vulnerability in elecV2P up to version 3.8.3 allows remote attackers to manipulate the eAxios function via the /mock...

  • SecurityMar 28, 2026

    CVE-2025-12886: Oxygen Theme SSRF Allows Unauthenticated

    A Server-Side Request Forgery vulnerability in the Oxygen Theme plugin for WordPress (all versions up to 6.0.8) enables unauthenticated attackers to make...

  • SecurityMar 18, 2026

    CVE-2026-25534: Spinnaker SSRF via URL Validation Bypass

    A critical SSRF vulnerability (CVSS 9.1) in Spinnaker's clouddriver and orca components bypasses the previous CVE-2025-61916 URL validation patch through...

  • SecurityFeb 5, 2026

    Microsoft Exchange Server SSRF to RCE Chain Actively

    A server-side request forgery vulnerability in Exchange Server is being chained with deserialization flaws for unauthenticated remote code execution....