EUVD-2025-124976
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
CVE-2025-37734 Kibana Origin Validation Error
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant...
PT-2025-46587
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An origin validation error in Kibana may allow for Server-Side Request Forgery SSRF through a manipulated Origin HTTP header. This manipulation occurs during processing by the Observability AI...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via DNS discovery. An attacker can access internal network resources and exfiltrate data by sending crafted requests for realms that trigger DNS queries to attacker-controlled zones. Workaround This...
PT-2025-46675
Name of the Vulnerable Software and Affected Versions kdcproxy affected versions not specified Description kdcproxy is susceptible to a server-side request forgery condition. When kdcproxy processes a request for a realm lacking defined server addresses in its configuration, it defaults to queryi...
kdcproxy Security Vulnerability
kdcproxy is a Python library open-sourced by latchset. A security vulnerability exists in kdcproxy that stems from a default query of DNS SRV records, which could lead to a server-side request forgery attack...
ALSA-2025:21142 Important: python-kdcproxy security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 9 : python-kdcproxy (RHSA-2025:21138)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:21138 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
ALSA-2025:21139 Important: python-kdcproxy security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2025-11696
CVE-2025-11696 affects Rockwell Automation Studio 5000 Simulation Interface via the API. Connected sources confirm two local vulnerabilities: (1) a local SSRF that lets any Windows user trigger outbound SMB requests to capture NTLM hashes, and (2) a local code execution issue (via path traversal)...
PT-2025-46339
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook URLs which are not validated. An attacker can access internal services, private networks, or cloud metadata endpoints by configuring malicious webhook URLs. PoC ssh localhost webhook crea...
CVE-2025-64522 Soft Serve is vulnerable to SSRF through its Webhooks
Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1...
Soft Serve Code Issue Vulnerability
Soft Serve is a self-hostable command line Git server from Charm Open Source. A code issue vulnerability exists in Soft Serve versions prior to 0.11.1, which stems from an unvalidated webhook URL and could lead to a server-side request forgery attack...
PT-2025-46215
Name of the Vulnerable Software and Affected Versions Soft Serve versions prior to 0.11.1 Description Soft Serve, a self-hostable Git server, contains a Server-Side Request Forgery SSRF issue. The application does not validate webhook URLs, which allows repository administrators to create webhook...
Exploit for Server-Side Request Forgery in Resf Rocky_Linux
Note: Intended only for educational and controlled testing purp...
CVE-2025-64430
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...
CVE-2025-64327
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...
CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...
EUVD-2025-37936
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...