135 matches found
CVE-2026-56275
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...
CVE-2025-37186
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
CVE-2025-37186 Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
HPE Aruba Networking Virtual Intranet Access 安全漏洞
HPE Aruba Networking Virtual Intranet Access is a client agent software from HPE America. A security vulnerability exists in HPE Aruba Networking Virtual Intranet Access that stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary code with root...
PT-2026-2464
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...
SUSE CVE-2025-62155
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
WordPress 6Storage Rentals plugin server-side request forgery vulnerability
WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...
BIT-ACTIVEMQ-2021-21342 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
CVE-2025-62155
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
CVE-2025-62155
The CVE-2025-62155 entry concerns QuantumNous/new-api. A SSRF vulnerability existed prior to version 0.9.6 where the fix only protected the first URL request; an attacker could bypass via a 302 redirect and reach internal/intranet resources. The issue has been addressed in version 0.9.6, accordin...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
CVE-2025-62155 QuantumNous New API Has SSRF Bypass
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...
new-api is vulnerable to SSRF Bypass
Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...
GHSA-9F46-W24H-69W4 new-api is vulnerable to SSRF Bypass
Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...
EUVD-2015-5858
Malware in sbrugna...
EUVD-2018-6429
Malware in sbrugna...
EUVD-2019-6120
Malware in sbrugna...
EUVD-2017-18242
Malware in sbrugna...