
140 matches found

RedhatCVE
added 2025/11/14 7:59 p.m., 4 views

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6, AI score 6.8, EPSS 0.00328
Exploits: 1, References: 1

NVD
added 2025/11/13 8:15 p.m., 4 views

CVE-2025-64709

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.9, EPSS 0.00328
Exploits: 1, References: 1

CVE
added 2025/11/13 7:42 p.m., 15 views

CVE-2025-64709

Typebot (open-source chatbot builder) contains an SSRF flaw in the webhook block’s HTTP Request component affecting versions before 3.13.1. The issue lets authenticated users cause server-side HTTP requests, bypass IMDSv2 via custom header injection, and extract temporary AWS IAM credentials for ...

CVSS 9.9, AI score 6.4, EPSS 0.00328
Exploits: 1, References: 1, Affected Software: 1

EUVD
added 2025/11/13 7:42 p.m., 5 views

EUVD-2025-175361

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6, AI score 6.3, EPSS 0.00328
Exploits: 1, References: 1

Vulnrichment
added 2025/11/13 7:42 p.m., 5 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6, AI score 6.4, EPSS 0.00328
Exploits: 1, References: 1

OSV
added 2025/11/13 7:42 p.m., 4 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

CVSS 9.6, AI score 6.8, EPSS 0.00328
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-16413

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.00643
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-26086

Malicious code in bioql PyPI...

CVSS 9.1, AI score 6.6, EPSS 0.00605
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-29511

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8, EPSS 0.0052
Exploits: 0, References: 1

Vulnrichment
added 2025/09/29 8:38 p.m., 2 views

CVE-2025-34233 Vasion Print (formerly PrinterLogic) Insecure Use of file_get_contents()

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname or...

CVSS 8.5, AI score 6.5, EPSS 0.00542
Exploits: 1, References: 4

ATTACKERKB
added 2025/09/29 8:38 p.m., 1 views

CVE-2025-34233

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname or...

CVSS 8.5, AI score 5.7, EPSS 0.00542
Exploits: 1, References: 5

RedhatCVE
added 2025/09/26 2:48 p.m., 2 views

CVE-2020-36851

Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services,...

CVSS 9.5, AI score 6.5, EPSS 0.01018
Exploits: 0, References: 1

OSV
added 2025/09/25 3:30 p.m., 2 views

GHSA-R3JV-XFGX-GJ24 cors-anywhere vulnerable to server-side request forgery

Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services...

CVSS 9.5, AI score 6.6, EPSS 0.01018
Exploits: 0, References: 8

The Hacker News
added 2025/09/24 7:15 a.m., 8 views

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5),...

CVSS 7.2, AI score 7.1, EPSS 0.90461
Exploits: 4

Wiz blog
added 2025/09/22 2:50 p.m., 6 views

IMDS Abused: Hunting Rare Behaviors to Uncover Exploits

When common processes start asking the wrong questions...

AI score 6.9
Exploits: 0

Snyk
added 2025/08/08 5:41 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the supportedDataTypeParam parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted...

CVSS 7.1, AI score 7.6, EPSS 0.00239
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 6:30 p.m., 7 views

CVE-2021-29954

Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210428201255...

CVSS 9.8, AI score 6.7, EPSS 0.00643
Exploits: 1, References: 1

Snyk
added 2025/04/17 6:31 p.m., 4 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the listCount function in the WorkflowDAO interface. An attacker can extract sensitive information from the database by manipulating the workflowtype and status parameters to construct malicious SQL queries. Remediatio...

CVSS 8.8, AI score 7.7, EPSS 0.00501
Exploits: 1, References: 2

OSV
added 2025/02/10 9:48 p.m., 2 views

SUSE-SU-2025:20123-1 Security update for cloud-regionsrv-client

This update for cloud-regionsrv-client contains the following fixes: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.9: bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.8: bsc1233333 +...

AI score 5.9
Exploits: 0, References: 9

OSSF Malicious Packages
added 2024/10/10 5:34 a.m., 2 views

Malicious code in ens-metadata-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2081a78185962d36398bd09a1f7f68d7724d64666f2c33343bf15011892e8a93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1