PT-2025-40310
Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 4.0.0 through 5.0.2. Description: An authentication bypass issue exists in Apache Kylin. This allows bypassing normal authentication mechanisms through an alternate path or channel. Recommendations: Upgrade to version 5.0.3 ...
PT-2025-40274
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1; Splunk Enterprise versions 9.2.8 through 9.4.4; Splunk Cloud Platform versions prior to 9.3.2411.109; Splunk Cloud Platform versions 9.2.2406.122 through 9.3.2408.119. Description: An unauthenticated...
PT-2025-40312
Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 4.0.0 through 5.0.2. Description: A Server-Side Request Forgery (SSRF) issue exists in Apache Kylin. The impact is limited if Kylin's system and project admin access is well protected. Recommendations: Upgrade to version 5.0.3...
PT-2025-40311
Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 4.0.0 through 5.0.2. Description: A flaw exists in Apache Kylin that could allow external parties to access files or directories. Proper protection of Kylin's system and project admin access is crucial to prevent...
Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1006)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1006 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109,...
CVE-2025-34230
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script that can...
CVE-2025-34229
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/installApp.php script that can be...
CVE-2025-34231
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup.php' script is reachable...
CVE-2025-56520
Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720...
CVE-2025-56520
CVE-2025-56520 : Dify v1.6.0 contains a Server-Side Request Forgery (SSRF) in the controllers.console.remote_files.RemoteFileUploadApi due to improper validation. The Nuclei template and VulnCheck/Red Hat/NVD/CNNVD entries confirm an SSRF that allows the server to make arbitrary requests from its...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.6.0 of dify, which stems from a server-side request forgery in the controllers.console.remote_files.RemoteFileUploadApi component, which could lead to a server-side...
CVE-2025-34232
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/lexmark/dellCheck.php script that can be...
CVE-2025-34228
Vasion Print (formerly PrinterLogic) SSRF in VA/VA SaaS before 25.1.102 (Host) and before 25.1.1413 (Application). The issue arises from unauthenticated access to /var/www/app/console_release/lexmark/update.php, which builds URLs from user-controlled values and forwards requests via curl_exec() o...
CVE-2025-34228 Vasion Print (formerly PrinterLogic) SSRF via Lexmark update.php
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The /var/www/app/console_release/lexmark/update.php script is reachable from the internet...
CVE-2025-34229
Vulsion: Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413 contain a blind SSRF via /var/www/app/console_release/hp/installApp.php. An unauthenticated attacker can cause the system to request internal host addresses (built as http://:...
CVE-2025-34230 Vasion Print (formerly PrinterLogic) Blind SSRF via HP log_off_single_sign_on.php
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script that can...