vLLM code issues and vulnerabilities
vLLM is an open-source, high-throughput and memory-efficient inference and serving engine for LLMs. Prior to vLLM 0.14.1, there were code-related vulnerabilities. These vulnerabilities stemmed from differences in the interpretation of backslashes by variou...
Squidex code-related vulnerabilities
Squidex is an open-source content management system developed by Squidex. Versions of Squidex 7.21.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient validation of URL parameters in Webhook configurations, or lack of restrictions on the target IP address, whic...
Burp Suite 2025.12.4 Extension Advanced ReDoS Detector
This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...
CVE-2026-24400
AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
DEBIAN-CVE-2026-24400
AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
EUVD-2026-4724
AssertJ provides fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
CVE-2025-9522
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information...
CVE-2025-9522
Technical details about CVE-2025-9522 are not publicly provided in the supplied documents; no affected versions or remediation are disclosed. Monitor for updates.
WordPress Frontis Blocks plugin <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by WordFence in WordPress Plugin Frontis Blocks versions <= 1.1.6...
PT-2026-4810
Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A flaw exists in Omada Controllers related to the webhook functionality, allowing for Blind Server-Side Request Forgery (SSRF). This issue enables crafted requests to be sent to...
AssertJ code issue vulnerabilities
AssertJ is an open-source unit testing tool developed by AssertJ. In versions 1.4.0 to 3.27.7 of AssertJ, there were code vulnerabilities. These vulnerabilities stemmed from an XML external entity vulnerability in XmlStringPrettyFormatter, which could allow for the reading of arbitrary local file...
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf (CVE-2025-12543)
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed withou...
CVE-2026-0807
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...
CVE-2026-24548
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player (radio-player) allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.91...
[SECURITY] [DLA 4447-1] php7.4 security update
Debian LTS Advisory DLA-4447-1; https://www.debian.org/lts/security/; Guilhem Moulin; January 24, 2026; https://wiki.debian.org/LTS. Package: php7.4. Version: 7.4.33-1+deb11u10. CVE ID: CVE-2025-14178. Debian Bug: 1123574. Multiple security issues were found in PHP, a...
CVE-2026-0807 Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'templateproxy' function. This makes it possible for unauthenticated attackers to make web reques...