402 matches found
CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...
UBUNTU-CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
NetScaler - Error "Registration of device failed" when adding license server.
After recently deploying and registering a NetScaler Console (formerly ADM) Agent and trying to add it as a license server on a NetScaler device, you get the error "Registration of device failed Sending request to mgmtserver failed"...
CVE-2025-46568
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
A vulnerability in the Windows Telephony Service in Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Windows Telephony Service in Windows operating systems is a stack-based buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...
A vulnerability in the Windows Telephony Service in Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Windows Telephony Service in Windows operating systems is a heap-based buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...
CVE-2024-53868 Apache Traffic Server: Malformed chunked message body allows request smuggling
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue...
Exploit for Missing Authentication for Critical Function in Oracle Peoplesoft_Enterprise
Description: CVE-2023-22047 is unauthenticated read file o...
GHSA-P2VC-M5FV-9W9M H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
UBUNTU-CVE-2024-6827
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2025-27774 Applio allows SSRF and file write in model_download.py
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in model_download.py (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the...
OpenZiti Console Code Issue Vulnerability
OpenZiti Console is an OpenZiti open source web interface for the management of an OpenZiti network. A code issue vulnerability exists in OpenZiti Console versions prior to 3.7.1 that stems from unauthenticated access to an endpoint and could lead to server-side request forgery...
Server-side Request Forgery (SSRF)
Overview: org.webjars.bower:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the allowAbsoluteUrls attribute being ignored in the call to the buildFullPath function from the HTTP adapter. A...
SUSE CVE-2024-38476
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-39573) affects Power HMC.
Summary: The Apache HTTP Server library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-39573. DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in mod_rewrite. By sending a...
A vulnerability in the Windows Telephony Service in Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Windows Telephony Service in Windows operating systems is related to a potential overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...
A vulnerability in the Windows Telephony Service in Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Windows Telephony Service in Windows operating systems is a heap-based buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...
CVE-2024-55892 Potential Open Redirect via Parsing Differences in TYPO3
TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the...
PT-2025-1157 · Microsoft · Windows Telephony Service +1
Name of the Vulnerable Software and Affected Versions: Windows Telephony Service (affected versions not specified). Description: The issue is related to an integer overflow in the Windows Telephony Service, which can be exploited by remote attackers to execute arbitrary code on the system by sending...
CVE-2024-51463
IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...