CVE-2025-55150
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...
CVE-2025-25229
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources...
CVE-2025-50251
Server-side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery...
Server Side Request Forgery (SSRF)
bentoml is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the file upload handlers automatically downloading files from user-provided URLs without validating their targets, which allows an attacker to make the server send arbitrary HTTP requests to internal or...
Plane Security Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.23.1, which stems from a server-side request forgery in the password recovery feature...
CVE-2025-53760
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2025-53760
CVE-2025-53760 is a Microsoft SharePoint elevation-of-privilege vulnerability described as an SSRF issue that can allow an authorized attacker to gain elevated privileges over a network. The CVSS v3.1 score is 7.1 (HIGH) with Network attack vector, low attack complexity, and privileges required: ...
[SECURITY] [DLA 4270-1] apache2 security update
Debian LTS Advisory DLA-4270-1 https://www.debian.org/lts/security/ Bastien Roucariès August 12, 2025 https://wiki.debian.org/LTS ...
Microsoft SharePoint Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network...
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...
Omnissa Workspace ONE UEM Path Traversal / Server-Side Request Forgery
Omnissa Workspace ONE UEM suffers from path traversal and server-side request forgery vulnerabilities...
PT-2025-32627 · Axis Communications · Axis Camera Station Pro
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An internal security assessment revealed a Server-Side Request Forgery (SSRF) issue. An authenticated attacker could exploit this to access internal resources o...
(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetPagesAsImages Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPagesAsImages method. The issue...
PT-2025-32848 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft Office SharePoint; affected versions not specified. Description: The software contains a server-side request forgery (SSRF) issue. An authorized attacker can exploit this to elevate privileges over a network. Recommendations: At the...
AXIS Camera Station and AXIS Camera Station Pro Security Vulnerability
AXIS Camera Station and AXIS Camera Station Pro are both powerful and flexible video management and access control software from Axis (Sweden). A security vulnerability exists in AXIS Camera Station and AXIS Camera Station Pro that stems from server-side request forgery and could lead to access to interna...
PT-2025-32891 · Schneider Electric · Ecostruxure Power Monitoring Expert
Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure Power Monitoring Expert; affected versions not specified. Description: This issue is a server-side request forgery (SSRF) information disclosure vulnerability within the GetPagesAsImages functionality of Schneider...
PT-2025-32892 · Schneider Electric · Ecostruxure Power Monitoring Expert +1
Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure Power Monitoring Expert; affected versions not specified. Description: A Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker...