7249 matches found
EUVD-2025-24993
Malicious code in bioql PyPI...
EUVD-2025-27410
Malicious code in bioql PyPI...
EUVD-2025-24167
Malicious code in bioql PyPI...
EUVD-2025-30371
Malicious code in bioql PyPI...
EUVD-2025-31632
Malicious code in bioql PyPI...
EUVD-2025-30268
Malicious code in bioql PyPI...
EUVD-2025-29777
Malicious code in bioql PyPI...
EUVD-2025-27249
Malicious code in bioql PyPI...
Server-Side Request Forgery (SSRF)
mautic/core is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to missing validation of webhook destinations, which allows an attacker with webhook permissions to send crafted requests and potentially access internal services, bypassing firewalls...
TCL 65C655 Smart TV Security Vulnerability
TCL 65C655 Smart TV is a Smart TV from TCL Corporation of China. A security vulnerability exists in TCL 65C655 Smart TV version V8-R75PT01-LF1V269.001116, which originates when the UPnP MediaRenderer service accepts unauthenticated SetAVTransportURI SOAP requests, which could lead to a server-sid...
CVE-2025-55971
CVE-2025-55971 affects TCL 65C655 Smart TV firmware V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+). The issue is a blind, unauthenticated Server-Side Request Forgery via the UPnP MediaRenderer AVTransport:1 service. The device accepts unauthenticated SetAVTransportURI SOAP requests over ...
CVE-2025-20371
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on...
CVE-2025-54087
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...
CVE-2025-54087 Server-side request forgery in Secure Access
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...
CVE-2025-54087
CVE-2025-54087 describes a server-side request forgery in Ivanti Secure Access prior to version 14.10. The vulnerability allows administrators to publish a crafted HTTP request originating from the Secure Access server, with attack complexity high, no required user interaction beyond administrati...
Server-side Request Forgery (SSRF)
Overview: org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted requests to internal or protected endpoints. Note: This is only exploitabl...
CVE-2025-61735
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...