7298 matches found

Tenable Nessus
added 2026/02/06 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin can be bypasse...

CVSS 3.7, AI score 5.7, EPSS 0.002
Exploits: 1, References: 4
OSV
added 2026/02/05 11:15 p.m., 4 views

UBUNTU-CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris...

CVSS 3.7, AI score 7, EPSS 0.002
Exploits: 1, References: 3
Snyk
added 2026/02/05 6:38 p.m., 5 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component. An attacker can cause unauthorized outbound requests to internal or otherwise restricted endpoints and include untrusted content in build outputs by crafting URLs with...

CVSS 3.7, AI score 5.4, EPSS 0.002
Exploits: 1, References: 2
Snyk
added 2026/02/05 6:35 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untruste...

CVSS 3.7, AI score 5.4, EPSS 0.002
Exploits: 1, References: 2
GithubExploit
added 2026/02/05 1:59 p.m., 172 views

SSRF-to-RCE-Scanner

SSRF-to-RCE-Scanner: It is an advanced Python-based security tool...

AI score 5.5
Exploits: 0
NVD
added 2026/02/05 10:16 a.m., 8 views

CVE-2026-1294

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

CVSS 7.2, EPSS 0.00293
Exploits: 0, References: 3
Veracode
added 2026/02/05 9:45 a.m., 6 views

Server-Side Request Forgery (SSRF)

Keycloak is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of client-configured backchannel notification endpoints in the CIBA feature, allowing attackers to trigger blind server-side requests to internal services or protected network resources...

CVSS 2.7, AI score 5.5, EPSS 0.00236
Exploits: 0, References: 3, Affected Software: 2
EUVD
added 2026/02/05 9:13 a.m., 4 views

EUVD-2026-5548

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

CVSS 7.2, AI score 5.6, EPSS 0.00293
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/05 9:13 a.m., 2 views

CVE-2026-1294

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

CVSS 7.2, AI score 5.6, EPSS 0.00293
Exploits: 0, References: 4
Cvelist
added 2026/02/05 9:13 a.m., 28 views

CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...

CVSS 7.2, EPSS 0.00293
Exploits: 0, References: 3
Patchstack
added 2026/02/05 7:21 a.m., 7 views

WordPress All In One Image Viewer Block plugin <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability

Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability discovered by WordFence in WordPress Plugin Image Map Block – Gutenberg block to create image map with hyperlink, versions <= 1.0.2...

CVSS 7.2, AI score 5.4, EPSS 0.00293
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/02/05 12:31 a.m., 4 views

EUVD-2026-5333

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made...

CVSS 5.8, AI score 5.1, EPSS 0.00381
Exploits: 1, References: 6
CNNVD
added 2026/02/05 12:0 a.m., 6 views

Webpack Code Issue Vulnerability

Webpack is a module bundler developed by Webpack contributors. Its primary purpose is to bundle JavaScript files for use in browsers. However, it can also convert, bundle, or package almost any resource or asset. Versions of Webpack from 5.49.0 to 5.104.0 contained code vulnerabilities. These...

CVSS 3.7, AI score 5.9, EPSS 0.002
Exploits: 1, References: 1
CNNVD
added 2026/02/05 12:0 a.m., 5 views

Webpack Code Issue Vulnerability

Webpack is a module bundler developed by Webpack contributors. Its primary purpose is to bundle JavaScript files for use in browsers. However, it can also convert, bundle, or package almost any resource or asset. Versions of Webpack from 5.49.0 to 5.104.1 contained code vulnerabilities. These...

CVSS 3.7, AI score 5.9, EPSS 0.002
Exploits: 1, References: 1
NVD
added 2026/02/04 11:15 p.m., 5 views

CVE-2025-62615

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

CVSS 9.8, EPSS 0.00357
Exploits: 1, References: 1
NVD
added 2026/02/04 11:15 p.m., 6 views

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVSS 9.8, EPSS 0.00338
Exploits: 1, References: 1
CVE
added 2026/02/04 10:28 p.m., 6 views

CVE-2025-62616

CVE-2025-62616 affects AutoGPT (AutoGPT platform) prior to autogpt-platform-beta-v0.6.34. In SendDiscordFileBlock, the code uses aiohttp.ClientSession().get directly on an input URL without filtering, yielding a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability is documented as ...

CVSS 9.8, AI score 5.3, EPSS 0.00338
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/02/04 10:28 p.m., 24 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVSS 9.3, EPSS 0.00338
Exploits: 1, References: 1
Vulnrichment
added 2026/02/04 10:28 p.m., 2 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVSS 9.3, AI score 5.3, EPSS 0.00338
Exploits: 1, References: 1
OSV
added 2026/02/04 10:28 p.m., 4 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVSS 9.3, AI score 5.3, EPSS 0.00338
Exploits: 1, References: 3