Summary
Paymenter has a blind, unauthenticated SSRF in the PayPal gateway module
References
Related vulnerabilities
- HIGH GHSA-GFQ7-5X4G-3XHF: @budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation
- HIGH GHSA-4Q6H-8P4V-67VQ: Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
- MEDIUM GHSA-C4V7-XG93-QF8G: Gogs has SSRF in webhook deliveries
- MEDIUM GHSA-C556-Q2MH-477V: OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`
- HIGH GHSA-FFM6-VVPH-G5F5: OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature
- MEDIUM GHSA-H5RG-8P7F-47G2: SurrealDB: SSRF via JWKS URL — Redirect Following in JWT Key Fetch