This page collects WhisperX intelligence signals tagged #CWE-918. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical server-side request forgery (SSRF) vulnerability has been flagged within a GitHub-hosted codebase, posing a direct threat to private organizational data. The vulnerability, classified as HIGH severity, stems from a dangerous pattern where untrusted data from a user request object is passed directly into a ne...
A critical Server-Side Request Forgery (SSRF) vulnerability remains unpatched in the workspace-server codebase, despite a recent pull request that only implemented a superficial timeout. The core security flaw—a complete lack of URL validation before making outbound HTTP requests—leaves internal systems exposed to pote...