https://chs.us/en-uscarl.sampson@gmail.com (Carl Sampson)carl.sampson@gmail.com (Carl Sampson)Thu, 02 Apr 2026 22:40:44 -0400https://chs.us/2026/02/ssrf-changedetection-cve-2026-27696/Fri, 27 Feb 2026 00:00:00 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/2026/02/ssrf-changedetection-cve-2026-27696/CVE-2026-27696: A high-severity SSRF in changedetection.io that bypasses URL allowlist validation to access cloud metadata services. CVSS 8.6.SecuritySsrfCveApplication-Securityhttps://chs.us/2025/05/ssrf-attack-vectors/Mon, 12 May 2025 22:28:45 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/2025/05/ssrf-attack-vectors/A comprehensive look at SSRF attack vectors — how attackers exploit server-side request forgery to access internal resources, cloud metadata, and more.SecuritySsrfApplication-Securityhttps://chs.us/2025/04/ssrf-defense/Mon, 28 Apr 2025 20:21:08 +0000carl.sampson@gmail.com (Carl Sampson)https://chs.us/2025/04/ssrf-defense/Practical SSRF defense strategies: input validation, URL allowlisting, network segmentation, and tools for preventing server-side request forgery.SecuritySsrfApplication-Security