131 matches found
CVE-2025-37186
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
CVE-2025-37186 Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
HPE Aruba Networking Virtual Intranet Access 安全漏洞
HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...
PT-2026-2464
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
SUSE CVE-2025-62155
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
WordPress 6Storage Rentals plugin server-side request forgery vulnerability
WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...
BIT-ACTIVEMQ-2021-21342 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
CVE-2025-62155
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
CVE-2025-62155
The CVE-2025-62155 entry concerns QuantumNous/new-api. A SSRF vulnerability existed prior to version 0.9.6 where the fix only protected the first URL request; an attacker could bypass via a 302 redirect and reach internal/intranet resources. The issue has been addressed in version 0.9.6, accordin...
new-api is vulnerable to SSRF Bypass
Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...
GHSA-9F46-W24H-69W4 new-api is vulnerable to SSRF Bypass
Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...
EUVD-2017-18242
Malware in sbrugna...
EUVD-2018-6429
Malware in sbrugna...
EUVD-2019-6120
Malware in sbrugna...
EUVD-2015-5858
Malware in sbrugna...
EUVD-2024-32646
Malicious code in bioql PyPI...