Astra Linux - vulnerability in linux, linux-5.10
A flaw in the processing of received ICMP errors such as ICMP fragments and ICMP redirections within the Linux kernel’s functionality was identified. This flaw allows an off-path remote user to quickly scan open UDP ports. This vulnerability enables a remote user to bypass the UDP source port...
CVE-2026-40566
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...
USN-8114-1: GVfs vulnerabilities
It was discovered that the GVfs FTP backend incorrectly handled IP addresses and ports returned by passive mode responses. A malicious remote server could possibly use this issue to help scan for open ports. CVE-2026-28295 It was discovered that the GVfs FTP backend incorrectly handled crafted fi...
CVE-2026-33126
Frigate is a network video recorder (NVR) for IP cameras. A vulnerability exists in the /ffprobe endpoint where, prior to version 0.16.3, it accepts arbitrary user-controlled URLs without proper validation, enabling Server-Side Request Forgery (SSRF). An attacker could use the Frigate server to i...
CVE-2025-45691
A flaw was found in Ragas. Improper validation of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs leads to Server-Side Request Forgery (SSRF). This vulnerability allows attackers to perform arbitrary file reads, conduct internal port scans and access cloud metadata...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001372)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001372 advisory. A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass...
EUVD-2019-17184
Malware in sbrugna...
EUVD-2017-18242
Malware in sbrugna...
EUVD-2002-1484
Malware in sbrugna...
EUVD-2004-1625
Malware in sbrugna...
EUVD-2022-5940
Malicious code in bioql PyPI...
EUVD-2022-3368
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-20322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the RequestsToolkit module. An attacker can access internal network resources, perform port scans, retrieve sensitive metadata from cloud environments, and interact with local services by crafting...
GHSA-H5GC-RM8J-5GPR LangChain Community SSRF vulnerability exists in RequestsToolkit component
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2002-2052
Cisco 2611 router running IOS 12.16.5, possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce...
Linux Distros Unpatched Vulnerability : CVE-2017-7200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attackers to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
LangChain < 0.2.9 SSRF
The remote host contains a langchain version that is prior to 0.2.9. It is, therefore, affected by a Server-Side Request Forgery vulnerability in the Web Research Retriever component in langchain-community (langchain-community.retrievers.webresearch.WebResearchRetriever). The vulnerability arises...
The vulnerability of the GLPI system’s request and incident handling process, related to improper neutralization of special elements used in SQL commands, allows attackers to compromise the integrity of the system.
The vulnerability of the GLPI request and incident handling system lies in the lack of proper validation of input requests within the plugin controller, and the use of low-level plugin APIs for access. Exploitation of this vulnerability could allow a malicious actor to scan server ports or...