SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read

Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding

PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter

praisonaiagents: SSRF guard validates literal IPs only and never resolves

Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling

auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool

customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation

Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

PraisonAI has an SSRF bypass

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate

powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying

Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web