OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding

PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook

CVSS 7.2 PraisonAI

OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable

OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation

OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths

OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete

CVE CRITICAL CVE-2025-54381

model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests

CVSS 9.9 bentoml
CVE CRITICAL CVE-2024-47167

Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers

CVSS 9.8 gradio
CVE MEDIUM CVE-2022-36551

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

CVSS 6.5 label-studio

affected by path traversal, redirect-following SSRF, and telemetry payload exposure

CVSS 8.3 n8n-mcp
CVE MEDIUM CVE-2026-3340

Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading

OpenClaw: QQBot direct media upload skipped URL SSRF validation

used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This

CVE MEDIUM CVE-2026-41481

attacker-controlled server could redirect to internal, localhost, or cloud metadata endpoints, bypassing SSRF protections. The resp

core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding

CVSS 7.1 flowise

customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force

CVSS 8.3 flowise

OpenClaw: Browser snapshot and screenshot routes could expose internal page
