AI Threat Alert
OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook
OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable
OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection
OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete
model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests
Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE configuration panel (`/admin/config/parameters`). The `testProvider()` method in `ConfigurationController` passes
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
Open WebUI: SSRF Protection Bypass in Playwright Web Loader via HTTP Redirects
Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION
Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send
affected by path traversal, redirect-following SSRF, and telemetry payload exposure