
7278 matches found

Tenable Nessus
added 2025/12/09 12:0 a.m. | 2 views

RHEL 7 : python-kdcproxy (RHSA-2025:22982)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22982 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.6 | AI score 5.7 | EPSS 0.00453
Exploits: 0 | References: 6
CNNVD
added 2025/12/09 12:0 a.m. | 3 views

ZITADEL Code Issue Vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 4.7.0 and earlier, which stems from improper handling of the...

CVSS 9.3 | AI score 6.7 | EPSS 0.00452
Exploits: 2 | References: 3
CNNVD
added 2025/12/09 12:0 a.m. | 3 views

OpenBMCS Code Issue Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A code issue vulnerability exists in OpenBMCS version 2.4 that stems from a server-side request forgery issue with the ip parameter, which could lead to internal network enumeration and session hijacking...

CVSS 7.2 | AI score 7 | EPSS 0.0027
Exploits: 2 | References: 5
Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50030

Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery. This issue affects Hercules Core: from n/a through = 7.4...

AI score 7 | EPSS 0.00145
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/09 12:0 a.m. | 1 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

AI score 6.5 | EPSS 0.00381
Exploits: 1 | References: 2
Positive Technologies
added 2025/12/09 12:0 a.m. | 3 views

PT-2025-50273

Name of the Vulnerable Software and Affected Versions: fetch-mcp versions 1.0.2 and earlier. Description: The software is susceptible to a Server-Side Request Forgery (SSRF) issue. This allows attackers to circumvent private IP validation and gain access to internal network resources. Recommendations...

CVSS 7.5 | AI score 6.6 | EPSS 0.00381
Exploits: 1 | References: 4
CVE
added 2025/12/09 12:0 a.m. | 20 views

CVE-2025-65513

CVE-2025-65513 affects fetch-mcp v1.0.2 and earlier. The vulnerability is Server-Side Request Forgery (SSRF) that allows bypassing private IP validation to reach internal network resources. Reported root cause involves the is_ip_private logic in fetch-mcp server code (notably in the MCP fetch-ser...

CVSS 7.5 | AI score 6.5 | EPSS 0.00381
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2025/12/08 10:19 p.m. | 5 views

ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

Summary: Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...

CVSS 9.3 | AI score 7.1 | EPSS 0.00452
Exploits: 2 | References: 4 | Affected Software: 2
OSV
added 2025/12/08 10:15 p.m. | 3 views

CVE-2025-12832

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2025/12/08 10:15 p.m. | 3 views

CVE-2025-12832

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 4.6 | EPSS 0.00169
Exploits: 0 | References: 1
CVE
added 2025/12/08 9:46 p.m. | 12 views

CVE-2025-12832

IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6) is affected by CVE-2025-12832, a server-side request forgery (SSRF) vulnerability. An authenticated attacker could cause the system to issue unauthorized requests, potentially enabling network enumeration or facilitating additional at...

CVSS 4.6 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/08 9:46 p.m. | 21 views

CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 4.6 | EPSS 0.00169
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/08 12:0 a.m. | 3 views

PT-2025-49530

Name of the Vulnerable Software and Affected Versions: Infinera MTC-9 (affected versions not specified). Description: The software contains a Server-Side Request Forgery (SSRF) issue. This allows remote, unauthenticated users to access other network resources by leveraging HTTPS requests through the...

CVSS 8.6 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | References: 9
Amazon
added 2025/12/08 12:0 a.m. | 3 views

Important: python-kdcproxy

Issue Overview: If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could...

CVSS 8.6 | AI score 7 | EPSS 0.00453
Exploits: 0
CNNVD
added 2025/12/08 12:0 a.m. | 4 views

IBM InfoSphere Information Server Code Issue Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A code issue vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...

CVSS 4.6 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 2
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

Infinera MTC-9 Security Vulnerability

Infinera MTC-9 is a modular controller from Infinera USA. A security vulnerability exists in the Infinera MTC-9 that originates from server-side request forgery and could lead to access to other network resources...

CVSS 8.6 | AI score 6.7 | EPSS 0.00298
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/08 12:0 a.m. | 5 views

Qnap QTS and QuTS hero Server-Side Request Forgery (CVE-2024-53696)

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center...

CVSS 5.1 | AI score 5.4 | EPSS 0.00411
Exploits: 0 | References: 2
Microsoft CVE
added 2025/12/07 1:3 a.m. | 8 views

Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

...

CVSS 7.5 | AI score 7 | EPSS 0.00771
Exploits: 0
SUSE CVE
added 2025/12/06 12:23 a.m. | 5 views

SUSE CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows potentially leaking NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

CVSS 7.5 | AI score 6.6 | EPSS 0.00771
Exploits: 0 | References: 4
Cvelist
added 2025/12/05 10:32 p.m. | 21 views

CVE-2025-14116 xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 5