AutoGPT 代码问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. There were code vulnerabilities in versions 0.1.0 to 0.6.51 of AutoGPT. These vulnerabilities stemmed from the SendEmailBlock function, which accepted parameters for the smtpserver and...

PT-2026-34813

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

CKAN MCP Server 代码问题漏洞

CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the searchWeb API component, where blind server-side request...

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

PT-2026-20836

Name of the Vulnerable Software and Affected Versions SoftVision webPDF versions prior to 10.0.2 Description The software contains a Server-Side Request Forgery SSRF issue. The PDF converter function does not validate requested resources in uploaded files, permitting protocols like http:// and...

CVE-2025-12543

Undertow core in WildFly/JBoss EAP is affected by CVE-2025-12543 due to improper validation of the Host header in HTTP requests. This can allow cache poisoning, internal network discovery, or user session hijacking. The CVSSv3.1 base score is 9.6 (CRITICAL) with network access, low attack complex...

PT-2026-1665

Name of the Vulnerable Software and Affected Versions Undertow versions affected versions not specified WildFly versions affected versions not specified JBoss EAP versions affected versions not specified Description A flaw exists in the Undertow HTTP server core, utilized by WildFly, JBoss EAP, a...

PT-2025-45351

Name of the Vulnerable Software and Affected Versions linshenkx prompt-optimizer versions 1.3.0 through 1.4.2 Description A Server-Side Request Forgery SSRF exists in the /api/proxy/ component. This allows attackers to scan internal resources by sending a specially crafted request. The api/proxy...

Introducing Our New Scanning Platform, CoalfireOne Scans

As you may be aware by now considering previous blog posts, ongoing walk-through webinars, and our press release, we released Coalfires brand new vulnerability scanning platform, CoalfireOne Scans, this morning. All of us here at the CoalfireOne Scanning Services Team are truly excited to see its...