144 matches found
CVE-2025-58411
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...
CVE-2025-10865
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present...
CVE-2025-58411
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...
PT-2025-53754
Name of the Vulnerable Software and Affected Versions Hemmelig versions prior to 7.3.3 Description A Server-Side Request Forgery SSRF filter bypass exists in the webhook URL validation of the Secret Requests feature in Hemmelig, a messaging app with client-side encryption and self-destructing...
CVE-2021-47715 Hasura GraphQL 1.3.3 Server-Side Request Forgery via Remote Schema Injection
Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers to inject arbitrary remote schema URLs through the addremoteschema endpoint. Attackers can exploit the vulnerability by sending crafted POST requests to the /v1/query endpoint with malicious URL...
CVE-2025-68477
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
Adobe Experience Manager (AEM) CRX Search Endpoint Exposure
The remote Adobe Experience Manager AEM CRX search endpoint is accessible. These endpoints provide potential attackers with access to search functionalities, which could be exploited to discover sensitive internal resources. No source data...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180
The vulnerability CVE-2025-64180 affects Manager-io/Manager Desktop and Server (versions 25.11.1.3085 and earlier). The issue stems from a TOCTOU race condition in the DNS validation mechanism, allowing an attacker to bypass network isolation and access internal resources, cloud metadata endpoint...
CVE-2025-60541
A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
CVE-2025-60541
A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
CVE-2025-60541
A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
Prompt Optimizer 安全漏洞
Prompt Optimizer is a prompt word optimizer by and Alchemy Time Personal Developer. A security vulnerability exists in Prompt Optimizer versions 1.3.0 through 1.4.2, which stems from a server-side request forgery in the /api/proxy component, which could allow an attacker to scan internal resource...
CVE-2025-60541
A Server-Side Request Forgery SSRF in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
CVE-2025-61784
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...
EUVD-2018-1856
Malware in sbrugna...
EUVD-2024-49313
Malicious code in bioql PyPI...
EUVD-2023-2052
Malicious code in bioql PyPI...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...