GHSA-CWPP-325Q-2CVP Statamic Vulnerable to Server-Side Request Forgery via Glide

Impact When Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal...

EUVD-2025-25816

Malicious code in bioql PyPI...

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVE-2025-57818

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery SSRF vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

CVE-2025-57818 Firecrawl SSRF Vulnerability via malicious webhook

Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery SSRF vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with...

PT-2024-13676 · Unknown · Kiuwan Local Analyzer +1

Name of the Vulnerable Software and Affected Versions: Kiuwan SAST version master.1808.p685.q13371 Description: The issue arises when the Kiuwan Local Analyzer uploads scan results to the Kiuwan SAST web application, which processes XML files containing external entities. This leads to an XML...

PT-2023-29904 · Unknown · Motors – Car Dealer

Name of the Vulnerable Software and Affected Versions: Motors – Car Dealer, Classifieds & Listing versions 1.4.6 and earlier Description: A Server-Side Request Forgery SSRF issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to...

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products suc...