18 matches found

RedhatCVE
added 2026/06/06 12:43 p.m., 12 views

CVE-2026-11346

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3 CVSS, 5.6 AI score, 0.00226 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/05/29 7:59 a.m., 7 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/05/29 7:59 a.m., 7 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits 0, References 3
CNNVD
added 2026/04/18 12:0 a.m., 8 views

Movary security vulnerability

Movary is a film review program developed individually by Lee Peuker. Versions of Movary prior to 0.71.1 contained security vulnerabilities. These vulnerabilities stemmed from the /settings/jellyfin/server-url-verify endpoint, which allowed user-controlled URLs to initiate server-side HTTP requests...

7.7 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits 1, References 2
Veracode
added 2026/02/23 7:15 p.m., 5 views

Server-Side Request Forgery (SSRF)

local-deep-research is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the download service using raw requests.get without applying SSRF protections, which allows an attacker to submit malicious URLs to access internal services, cloud metadata endpoints, or perform...

6.5 CVSS, 5.4 AI score, 0.00274 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2025/12/23 12:1 a.m., 21 views

CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...

6.3 CVSS, 0.00274 EPSS
Exploits 1, References 2
OSV
added 2025/12/23 12:1 a.m., 2 views

CVE-2025-67743 Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...

6.3 CVSS, 6.8 AI score, 0.00274 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/11/12 4:35 p.m., 3 views

CVE-2025-59088 Python-kdcproxy: unauthenticated SSRF via realm-controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6 CVSS, 6.2 AI score, 0.00397 EPSS
Exploits 0, References 16
Cvelist
added 2025/11/06 12:0 a.m., 7 views

CVE-2025-63551

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...

0.00412 EPSS
Exploits 1, References 2
Positive Technologies
added 2025/08/08 12:0 a.m., 7 views

PT-2025-116: Server-Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout, versions 1.8.182. The discovered vulnerability allows an attacker to issue requests to restricted-access servers, enabling internal-network reconnaissance and subsequent attacks. Vulnerability status: Confirmed by vendor. Date of vulnerability...

6.1 CVSS, 5.8 AI score
Exploits 0, References 2
Tenable Nessus
added 2025/04/16 12:0 a.m., 4 views

DNN < 9.13.8 DotNetNuke.Core Server-Side Request Forgery (CVE-2025-32372)

According to its self-reported version, the instance of DNN (formerly DotNetNuke) running on the remote web server is prior to 9.13.8. It is, therefore, affected by a server-side request forgery vulnerability: - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the...

7.5 CVSS, 8.3 AI score, 0.12543 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/04/11 4:1 p.m., 4 views

CVE-2025-32372

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

7.5 CVSS, 7.5 AI score, 0.12543 EPSS
Exploits 0, References 1
CVE
added 2025/04/09 3:14 p.m., 71 views

CVE-2025-32372

CVE-2025-32372: DNN (DotNetNuke) exposes a bypass of CVE-2017-0929 enabling unauthenticated, semi-blind SSRF via arbitrary GET requests to internal or external URLs. Public sources reference this as a server-side request forgery affecting DNN, with a fixed revision in 9.13.8; Nessus/NVD entries ...

7.5 CVSS, 6.7 AI score, 0.00313 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2025/04/09 3:14 p.m., 26 views

CVE-2025-32372 Server-Side Request Forgery (SSRF) in DotNetNuke.Core

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

6.5 CVSS, 0.00313 EPSS
Exploits 0, References 2
OSV
added 2025/04/09 12:58 p.m., 9 views

GHSA-3F7V-QX94-666M DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)

A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. Impact: This vulnerability facilitates a semi-blind SSRF attack, allowing attacke...

6.5 CVSS, 6.9 AI score, 0.00313 EPSS
Exploits 0, References 4
Github Security Blog
added 2025/04/09 12:58 p.m., 17 views

DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)

A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. Impact: This vulnerability facilitates a semi-blind SSRF attack, allowing attacke...

7.5 CVSS, 7.3 AI score, 0.00313 EPSS
Exploits 0, References 4, Affected Software 1
ThreatPost
added 2018/04/17 12:57 p.m., 17 views

Automated Bots Growing Tool For Hackers

SAN FRANCISCO – The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeyp...

0.8 AI score
Exploits 0
FireEye
added 2016/03/23 8:0 a.m., 165 views

99 Problems but Two-Factor Ain’t One

Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...

4.3 CVSS, 0.1 AI score, 0.01995 EPSS
Exploits 0