radar.offseq.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-22 | CVE-2026-40925: CSRF in WWBN AVideo Configuration Endpoint | Writeup of CVE-2026-40925 detailing a Cross-Site Request Forgery (CSRF) vulnerability in WWBN AVideo versions 29.0 and prior. The configuration update endpoint fails to implement proper CSRF protections, allowing an attacker to overwrite critical site settings like SMTP credentials and encoder URLs via a malicious POST request from an administrator's browser, facilitated by the platform's `session.cookie_samesite=None` setting. A fix is noted in commit f9492f5e6123dff0292d5bb3164fde7665dc36b4. |
| 2026-04-10 | CVE-2026-35572: SSRF in ChurchCRM | Writeup of CVE-2026-35572, a Server-Side Request Forgery (SSRF) vulnerability in ChurchCRM versions prior to 6.5.3. This flaw allows attackers to inject crafted URLs into the Referer header, forcing the server to make outbound HTTP/HTTPS requests to attacker-controlled hosts. Exploitation can lead to information disclosure or interaction with internal network resources. The vulnerability is fixed in ChurchCRM version 6.5.3. |
| 2026-04-10 | CVE-2026-34936: SSRF in PraisonAI | Writeup detailing CVE-2026-34936, a Server-Side Request Forgery (SSRF) vulnerability in MervinPraison's PraisonAI multi-agent teams system. Versions prior to 4.5.90 are affected because the `passthrough()` and `apassthrough()` functions accept uncontrolled `api_base` parameters, which are then passed to `httpx.Client.request()` without proper validation. This allows attackers to compel the server to make requests to arbitrary internal or external hosts, potentially leading to information disclosure from protected network resources. The issue was patched in version 4.5.90. |
| 2026-04-10 | CVE-2026-39368: SSRF in WWBN AVideo | Writeup of CVE-2026-39368, a CWE-918 Server-Side Request Forgery (SSRF) vulnerability in WWBN AVideo versions 26.0 and prior. Authenticated streamers can exploit this flaw by controlling the `restreamerURL` parameter, allowing them to trigger server-side requests to internal or loopback HTTP services. This vulnerability has a CVSS 3.1 score of 6.5, with a high confidentiality impact due to potential unauthorized access to internal resources. No vendor advisory or patch is currently available. |
| 2026-04-10 | CVE-2026-33182: SSRF in Saloon PHP Library | Writeup of CVE-2026-33182, a Server-Side Request Forgery (SSRF) vulnerability in the Saloon PHP library. Prior to version 4.0.0, Saloon would use an absolute URL provided as a request endpoint directly, ignoring the base URL. This allowed attackers to force the server to send requests, including authentication headers and tokens, to attacker-controlled hosts. The vulnerability, also related to CWE-522 credential exposure, is fixed in version 4.0.0 by rejecting absolute URLs by default. |
| 2026-04-10 | CVE-2026-34981: SSRF in whisperX-FastAPI | Writeup of CVE-2026-34981, a Server-Side Request Forgery (SSRF) vulnerability in whisperX-FastAPI. Versions 0.3.1 through 0.5.x are affected in `FileService.download_from_url()` due to unvalidated URL inputs, allowing attackers to append `.mp3` to internal URLs to bypass extension checks. The unauthenticated `/speech-to-text-url` endpoint facilitates exploitation, potentially leading to unauthorized information disclosure. The vulnerability is fixed in version 0.6.0. |
| 2026-03-02 | CVE-2026-28295: Server-Side Request Forgery (SSRF) in Red Hat Enterprise Linux 10 | Writeup on CVE-2026-28295, a Server-Side Request Forgery (SSRF) vulnerability in the FTP GVfs backend of Red Hat Enterprise Linux 10. A malicious FTP server can exploit this by providing arbitrary IP addresses and ports in its passive mode (PASV) response, causing the client to connect to unintended internal or external endpoints. This allows attackers to probe for open ports and discover internal network resources. The vulnerability requires user interaction to connect to the malicious server and primarily results in information disclosure for network reconnaissance. |