648 matches found

Redos
added 2025/08/22 12:00 a.m. | 6 views

ROS-20250822-21

A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...

CVSS 7.5 | AI score 7 | EPSS 0.00953
Exploits 2
ATTACKERKB
added 2025/08/20 8:15 a.m. | 3 views

CVE-2025-5260

Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5...

CVSS 8.6 | AI score 5.4 | EPSS 0.00261
Exploits 0 | References 3
Tenable Nessus
added 2025/08/20 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk...

CVSS 8.8 | AI score 8.6 | EPSS 0.04665
Exploits 4 | References 2
Tenable Nessus
added 2025/08/20 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-14721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the...

CVSS 10 | AI score 7.9 | EPSS 0.10458
Exploits 0 | References 2
Github Security Blog
added 2025/08/19 8:41 p.m. | 5 views

WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery

Impact The WP Crontrol plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the wp_remote_request function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

CVSS 5.9 | AI score 7 | EPSS 0.00323
Exploits 0 | References 4 | Affected Software 1
Patchstack
added 2025/08/19 12:22 p.m. | 3 views

WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by ch4r0n in WordPress Plugin Captcha.eu versions <= 1.0.61...

CVSS 5.3 | AI score 7 | EPSS 0.00195
Exploits 0 | Affected Software 1
Tenable Nessus
added 2025/08/18 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-4201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local...

CVSS 5.3 | AI score 5.6 | EPSS 0.00546
Exploits 1 | References 2
Cvelist
added 2025/08/14 4:28 p.m. | 8 views

CVE-2025-20148 Cisco Secure Firewall Management Center HTML Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

CVSS 8.5 | EPSS 0.00402
Exploits 0 | References 1
NVD
added 2025/08/11 10:15 p.m. | 9 views

CVE-2025-55151

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...

CVSS 9.8 | EPSS 0.00331
Exploits 0 | References 2
Tenable Nessus
added 2025/08/08 12:00 a.m. | 6 views

F5 Networks BIG-IP : Apache HTTP Server vulnerability (K000152924) (deprecated)

The vendor no longer states that their product is vulnerable. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K000152924. Disabled on 2026/01/29. Advisory states BIG-IP no longer vulnerable...

CVSS 7.5 | AI score 6.8 | EPSS 0.00774
Exploits 0 | References 2
SUSE CVE
added 2025/08/06 2:53 a.m. | 3 views

SUSE CVE-2025-52477

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS 8.6 | AI score 6.9 | EPSS 0.0041
Exploits 0 | References 2
RedHat Linux
added 2025/08/01 5:42 p.m. | 3 views

org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...

CVSS 5.3 | AI score 5.7 | EPSS 0.00986
Exploits 1 | References 7
OSV
added 2025/07/30 2:15 p.m. | 0 views

UBUNTU-CVE-2025-52567

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...

CVSS 5 | AI score 5.8 | EPSS 0.00168
Exploits 0 | References 3
OSV
added 2025/07/25 6:15 a.m. | 2 views

CVE-2025-8133

A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack...

CVSS 5.3 | AI score 5.3 | EPSS 0.00332
Exploits 1 | References 6
CNNVD
added 2025/07/25 12:00 a.m. | 2 views

Apwide Golive Security Vulnerability

Apwide Golive is a test environment management plugin from Apwide Golive, Switzerland. A security vulnerability exists in Apwide Golive version 10.2.0, which stems from an unauthenticated test webhook function that could lead to server-side request forgery...

CVSS 6.5 | AI score 6.8 | EPSS 0.00267
Exploits 0 | References 3
BDU FSTEC
added 2025/07/21 12:00 a.m. | 4 views

The vulnerability in the web interface for managing software tools used to create reports for Cisco Unified Intelligence Center, as well as for multimedia and distributed contact centers like Cisco Unified Contact Center Enterprise, allows attackers to perform SSRF attacks.

The vulnerability in the web interface for managing software tools used to create reports for Cisco Unified Intelligence Center, as well as for multimedia and distributed contact centers like Cisco Unified Contact Center Enterprise, stems from forged requests at the server side, resulting from...

CVSS 5.8 | AI score 5.6 | EPSS 0.00323
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2025/07/11 12:00 a.m. | 2 views

Gitroom Postiz Code Issue Vulnerability

Gitroom Postiz is a social media scheduling tool from Gitroom open source. A code issue vulnerability exists in Gitroom Postiz versions 1.45.1 through 1.62.3, which stems from HTTP header injection and could lead to server-side request forgery...

CVSS 8.2 | AI score 7.2 | EPSS 0.00247
Exploits 0 | References 3
CISA
added 2025/07/07 12:00 p.m. | 11 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability CVE-2016-10033 PHPMailer Command Injection Vulnerabilit...

CVSS 9.8 | AI score 7.9 | EPSS 0.99714
In wild | Exploits 87 | References 9
Positive Technologies
added 2025/07/04 12:00 a.m. | 3 views

PT-2025-67: XML external entity leads to Local File Read and Server-side request forgery in FastReport.NET

The vulnerability was identified in FastReport .NET, versions 2024.2.20. The discovered vulnerability, due to the ability to inject and expand external entities, can be exploited by an attacker to read arbitrary local files and perform server-side request forgery (SSRF) with full response retrieval...

CVSS 9.2 | AI score 5.9
Exploits 0 | References 1
OSV
added 2025/07/01 2:15 p.m. | 1 view

CVE-2025-45872

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter...

CVSS 9.8 | AI score 7.6
Exploits 0 | References 1