CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

IASS-ISP-ASN-Security-Scanner

💀 IASS — ISP ASN Security Scanner Automated reconnaissance &...

EUVD-2025-209451

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

CVE-2025-59809

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

CVE-2025-59809

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

CVE-2025-59809

A server-side request forgery ssrf vulnerability CWE-918 vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6.0...

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force in the challenge process. An attacker can gain unauthorized access to the local gRPC API by bypassing the 4-digit code authentication mechanism. This is only exploitable if the attacker has local user-level access to the...

gvfs 代码问题漏洞

GVfs is a virtual file system developed under the Gnome open-source project. GVfs has code vulnerabilities that stem from the unconditional trust placed in information within the passive mode response by clients. This vulnerability could allow malicious servers to detect open ports on the client’...

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-64327

CVE-2025-64327 affects ThinkDashboard (Go + JavaScript) and is caused by a blind SSRF in the /api/ping?url= endpoint in versions 0.6.7 and earlier. An attacker can cause the application to perform arbitrary requests to internal or external hosts, potentially revealing local network topology and o...

EUVD-2025-38186

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-60279

A server-side request forgery SSRF vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal...

EUVD-2006-0350

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-26735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports...

Secator - The Pentester'S Swiss Knife

secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library...

DEBIAN-CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

Linux Prometheus Blackbox Exporter 代码问题漏洞

Linux Prometheus Blackbox Exporter is a blackbox exporter from the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A security vulnerability exists in Linux Prometheus Blackbox Exporter version v0.23.0 that stems from the inclusi...