394 matches found

NVD
added 2025/04/09 4:15 p.m. · 13 views

CVE-2025-32372

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

CVSS 7.5 · EPSS 0.00313
Exploits 0 · References 2
OSV
added 2025/04/09 3:14 p.m. · 11 views

CVE-2025-32372 Server-Side Request Forgery (SSRF) in DotNetNuke.Core

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

CVSS 6.5 · AI score 7.9 · EPSS 0.00313
Exploits 0 · References 4
CVE
added 2025/04/05 12:00 a.m. · 60 views

CVE-2025-32358

The CVE describes an SSRF flaw in Zammad 6.4.x prior to 6.4.2. Authenticated admin users can enable webhooks, which trigger POST requests; if a webhook endpoint replies with a redirect, Zammad follows it with an automatic GET, enabling potential access to internal resources (e.g., local network)...

CVSS 4.1 · AI score 6.6 · EPSS 0.00219
Exploits 0 · References 1 · Affected Software 1
Redos
added 2025/04/02 12:00 a.m. · 10 views

ROS-20250402-07

A vulnerability in the Consul and Consul Enterprise service configuration tool is related to insufficient validation of user input. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack. Vulnerability in...

CVSS 7.5 · AI score 7 · EPSS 0.08519
Exploits 0
IBM Security Bulletins
added 2025/04/01 10:36 a.m. · 28 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)

Summary: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes...

CVSS 5.3 · AI score 6.6 · EPSS 0.00986
Exploits 1 · Affected Software 1
RedhatCVE
added 2025/03/22 12:39 p.m. · 7 views

CVE-2025-0454

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

CVSS 7.5 · AI score 6.9 · EPSS 0.00497
Exploits 1 · References 1
Tenable Nessus
added 2025/03/20 12:00 a.m. · 7 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1304)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This...

CVSS 6.3 · AI score 6.6 · EPSS 0.0067
Exploits 0 · References 2
Tenable Nessus
added 2025/03/20 12:00 a.m. · 9 views

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1303)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This...

CVSS 6.3 · AI score 6.6 · EPSS 0.0067
Exploits 0 · References 2
IBM Security Bulletins
added 2025/03/11 5:13 p.m. · 21 views

Security Bulletin: Vulnerability in UriComponentsBuilder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary: A potential vulnerability in UriComponentsBuilder has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 8.1 · AI score 6.4 · EPSS 0.02573
Exploits 2 · Affected Software 1
Tenable Nessus
added 2025/03/05 12:00 a.m. · 17 views

Linux Distros Unpatched Vulnerability : CVE-2022-35583

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP...

CVSS 9.8 · AI score 8.4 · EPSS 0.10658
Exploits 4 · References 3
BDU FSTEC
added 2025/03/05 12:00 a.m. · 2 views

The vulnerability of Veeam Backup’s backup for virtual machines deployed in Microsoft Azure allows an attacker to perform an SSRF attack.

The vulnerability of Veeam Backup’s backup for virtual machines deployed in Microsoft Azure cloud environments is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 7.2 · AI score 7.1 · EPSS 0.00328
Exploits 0 · References 5 · Affected Software 1
NVD
added 2025/03/03 5:15 p.m. · 7 views

CVE-2025-25303

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user...

CVSS 6.9 · EPSS 0.00452
Exploits 0 · References 3
RedhatCVE
added 2025/02/05 1:14 a.m. · 8 views

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

CVSS 7.2 · AI score 6.5 · EPSS 0.231
Exploits 1 · References 1
F5 Networks
added 2025/02/04 6:54 a.m. · 14 views

K000149612: Apache OFBiz vulnerability CVE-2023-50968

Security Advisory Description: Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to...

CVSS 7.5 · AI score 7.4 · EPSS 0.63373
Exploits 0
IBM Security Bulletins
added 2025/01/28 10:08 p.m. · 30 views

Security Bulletin: IBM Data Product Hub uses Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461)

Summary: IBM Data Product Hub has dependencies on Node.js axios & elliptic modules which are vulnerable (CVE-2024-39338, CVE-2024-42459, CVE-2024-42460, CVE-2024-42461). This bulletin contains information regarding the vulnerabilities and their fixes. Vulnerability Details: CVEID: CVE-2024-42461...

CVSS 9.1 · AI score 6.5 · EPSS 0.01414
Exploits 3 · Affected Software 1
Rosalinux
added 2025/01/28 11:06 a.m. · 6 views

Advisory ROSA-SA-2025-2605

software: libuv 1.44.2 OS: ROSA-CHROME packageevrstring: libuv-1.44.2-2 CVE-ID: CVE-2024-24806 BDU-ID: 2024-02979 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the uv_getaddrinfo function (src/unix/getaddrinfo.c, src/win/getaddrinfo.c) of the libuv asynchronous I/O library is related to insufficient...

CVSS 7.3 · AI score 6.9 · EPSS 0.02003
Exploits 1
CVE
added 2025/01/20 4:49 p.m. · 61 views

CVE-2025-23221

Summary: CVE-2025-23221 affects Fedify’s WebFinger handling, enabling an attacker to abuse lookupWebFinger to trigger an endless redirect loop and potential Blind SSRF, leading to Denial of Service. Multiple sources (Red Hat, NVD/NVD-like entries, OSV, GHSA advisories, Veracode) describe the issu...

CVSS 5.4 · AI score 5.5 · EPSS 0.00572
Exploits 0 · References 4
Positive Technologies
added 2025/01/09 12:00 a.m. · 5 views

PT-2025-3679 · WordPress · The Greenshift

Name of the Vulnerable Software and Affected Versions: The Greenshift – animation and page builder blocks plugin for WordPress versions prior to 9.0.1. Description: The issue is related to Authenticated Server-Side Request Forgery and Stored Cross Site Scripting due to a missing capability check i...

CVSS 6.4 · AI score 8.5 · EPSS 0.00274
Exploits 0 · References 8
NVD
added 2024/12/26 6:15 a.m. · 14 views

CVE-2024-10903

The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform an SSRF attack, for example on a multisite installation...

CVSS 4.7 · EPSS 0.00341
Exploits 1 · References 1
CVE
added 2024/12/26 6:00 a.m. · 61 views

CVE-2024-10903

CVE-2024-10903 concerns the WordPress plugin Broken Link Checker (before 2.4.2). The issue arises because the plugin does not validate the target URLs before requesting them, enabling potential SSRF from an admin user, including in multisite setups. Public sources in the connected docs confirm th...

CVSS 4.7 · AI score 6.5 · EPSS 0.00341
Exploits 1 · References 1 · Affected Software 1