648 matches found
PT-2025-49022
Name of the Vulnerable Software and Affected Versions: XunRuiCMS versions up to 4.7.1. Description: A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...
CVE-2025-13872
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
EUVD-2025-200120
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host...
orion-ops security vulnerability
orion-ops is a one-stop automated operation and maintenance and automated deployment platform by Jiahang Li, an individual developer. A security vulnerability exists in orion-ops, which stems from the misuse of the parameters host/sshPort/username/password/authType in the file...
SUSE CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
RLSA-2025:21139 Important: python-kdcproxy security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
Kibana 8.12.x < 8.19.7 / 9.1.x < 9.1.7 / 9.2.x < 9.2.1 (ESA-2025-24)
The version of Kibana installed on the remote host is prior to 8.19.7, 9.1.7, or 9.2.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-24 advisory. - Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by...
PT-2025-47326
Name of the Vulnerable Software and Affected Versions: Local Agent DVR versions through 6.6.1.0. Description: Local Agent DVR is affected by a directory traversal issue. An unauthenticated local attacker can exploit this to access sensitive information, conduct a server-side forgery request (SSRF), or...
EUVD-2025-198022
Local Agent DVR versions through 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request (SSRF), or execute OS commands...
BIT-KIBANA-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
RHEL 10 : python-kdcproxy (RHSA-2025:21141)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21141 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
EUVD-2025-131921
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
Important: Red Hat Security Advisory: python-kdcproxy security update
An update for python-kdcproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
CVE-2025-37734
CVE-2025-37734 describes an Origin Validation Error in Kibana that can enable Server-Side Request Forgery when a forged Origin header is processed by the Observability AI Assistant. Publicly cited details indicate affected Kibana versions include 8.12.x prior to 8.19.7, 9.1.x prior to 9.1.7, and ...
Kibana 8.19.7, 9.1.7, and 9.2.1 Security Update (ESA-2025-24)
Kibana Origin Validation Error (ESA-2025-24): Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Affected Versions: 8.12.0 up to and including 8.19.6; 9.1.0 up to and including 9.1.6; 9.2.0. Affected...