6 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...
CVE-2025-9522
Blind Server-Side Request Forgery SSRF in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...
CVE-2025-55139
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to enumerate internal...
CVE-2025-55139
SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to enumerate internal...
CVE-2025-22215
The CVE-2025-22215 SSRF vulnerability affects VMware Aria Automation. A malicious actor with "Organization Member" access can abuse server-side requests to enumerate internal services on the host/network. The advisory (VMSA-2025-0001) notes a CVSSv3 base score of 4.3 (Moderate) and lists fixed ve...