251 matches found
CVE-2025-71258 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in searchWeb
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...
VulnEye---Lightweight-Vulnerability-Scanner
VulnEye - Lightweight Vulnerability Scanner VulnEye is a modu...
CVE-2026-26005
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...
CVE-2026-26005 ClipBucket v5 enables internal network scans via an SSRF vulnerability
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...
CVE-2026-26005 ClipBucket v5 enables internal network scans via an SSRF vulnerability
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SS...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
⚡ Pentest Automation !Versionhttps://img.shields.io/badg...
CVE-2025-58441
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact o...
CVE-2025-58441 Knowage is vulnerable to blind server-side request forgery (SSRF)
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact o...
CVE-2025-12543
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...
Knowage 代码问题漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37, which stems from the presence of blind server-side request forgery that could lead an attacker to scan...
SecurityAnalystTasks
SecurityAnalystTasks This repository contains hands-on cyberse...
Evil-M5Project WiFi Exploration Tool
This is the latest archive as of 2025/01/02 of the Evil-M5Project, an innovative tool developed for ethical testing and exploration of WiFi networks. It harnesses the power of the M5Core2 device to scan, monitor, and interact with WiFi networks in a controlled environment. This project is designe...
VScanX
VScanX - Ethical Vulnerability Scanner !Versionhttps://img...
Reporttool
Reporttool A versatile report and attack tool that can carry o...
EUVD-2025-197664
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
Exploit for CVE-2025-12654
AnyDesk Exploit AnyDesk, remote access software, has faced se...
CVE-2025-59051
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...
CVE-2025-59051
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...
CVE-2025-59051
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...