Flowise Execute Flow function has an SSRF vulnerability

flowise-components
CVE MEDIUM CVE-2026-40115

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server

CVSS 6.2 PraisonAI
CVE MEDIUM CVE-2026-34753

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from

CVSS 5.4 vllm
CVE MEDIUM CVE-2026-33682

prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attacker-supplied filesystem paths. In certain code

CVSS 4.7 Streamlit
CVE MEDIUM CVE-2024-48052

gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions

CVSS 6.5 gradio
CVE MEDIUM CVE-2024-4940

exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling

CVSS 6.1 gradio
CVE MEDIUM CVE-2024-2206

SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls

CVSS 6.5 gradio

OpenClaw: Agent gateway config mutations could change protected operator settings

OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second

OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage

CVE MEDIUM CVE-2026-6011

OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts

CVSS 5.6 openclaw

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery (SSRF

CVSS 6.5 agentos-taskweaver
CVE MEDIUM CVE-2025-68477

Langflow is a tool for building and deploying AI-powered

CVSS 6.5 langflow
Paper 2512.14860v1

Penetration Testing of Agentic AI: A Comparative Security Analysis Across Models and Frameworks

system and 13 distinct attack scenarios that span prompt injection, Server Side Request Forgery (SSRF), SQL injection, and tool misuse. Our 130 total test cases reveal significant security disparities: AutoGen

medium relevance tool