393 matches found
CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
EUVD-2026-3124
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorization. The same URI can be used to carry out an SSRF attack, also without authorization. Users are recommended to upgrade to version 18.12.11, which fixes th...
CVE-2022-0249
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked...
CVE-2021-22179
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to an SSRF attack through the Outbound Requests feature...
CVE-2025-23221
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...
CVE-2024-41668
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged-in users...
CVE-2019-12852
An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168...
Security Bulletin: Multiple vulnerabilities found in IBM EntireX through the use of webMethods Integration Server.
Summary: As IBM EntireX Adapter runs in the webMethods Integration Server and the webMethods Integration Server has been updated in order to address the vulnerabilities, the fix for webMethods Integration Server will need to be applied by IBM EntireX customers. Vulnerability Details...
Exploit for CVE-2025-66516
🚨 CVE-2025-66516 — Critical Apache Tika Vulnerability...
GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
Description: An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML...
python-kdcproxy security update
An update is available for python-kdcproxy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...
Linux Distros Unpatched Vulnerability : CVE-2025-59088
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS...
USN-7830-1: FFmpeg vulnerabilities
It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this...
CVE-2025-8594 Pz-LinkCard < 2.5.7 - Contributor+ SSRF
The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...
PT-2025-41851
Name of the Vulnerable Software and Affected Versions: Pz-LinkCard WordPress plugin versions prior to 2.5.7. Description: The software does not properly validate a parameter before using it in a request, potentially allowing Server-Side Request Forgery (SSRF) attacks. Users with Contributor privileges...
EUVD-2016-10227
Malware in sbrugna...
EUVD-2019-4223
Malware in sbrugna...
EUVD-2021-1099
Malware in sbrugna...
EUVD-2018-10469
Malware in sbrugna...