Lucene search

7229 matches found

Redos
added 2025/08/12 12:0 a.m. · 12 views

ROS-20250812-08

Apache HTTP Server vulnerability is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack. Vulnerability in the modules/proxy/modproxy.c component of the Apache HTTP Server web server is related t...

CVSS 8.1 · AI score 7.3 · EPSS 0.6795
Exploits: 2
Vulnrichment
added 2025/08/11 10:28 p.m. · 2 views

CVE-2025-55161 Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

CVSS 8.6 · AI score 7.2 · EPSS 0.01865
Exploits: 1 · References: 2
Cvelist
added 2025/08/11 10:28 p.m. · 26 views

CVE-2025-55161 Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

CVSS 8.6 · EPSS 0.01865
Exploits: 1 · References: 2
CVE
added 2025/08/11 10:28 p.m. · 48 views

CVE-2025-55161

Stirling-PDF prior to v1.1.0 exposes a Server-Side Request Forgery (SSRF) flaw in /api/v1/convert/markdown/pdf. The Markdown-to-PDF conversion uses a sanitizer that can be bypassed, allowing unauthenticated attackers to force the server to request arbitrary URLs (potentially internal). The issue ...

CVSS 9.8 · AI score 7.2 · EPSS 0.01865
In wild · Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/08/11 9:57 p.m. · 2 views

CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

CVSS 8.6 · AI score 7 · EPSS 0.01587
Exploits: 0 · References: 2
CVE
added 2025/08/11 9:56 p.m. · 15 views

CVE-2025-55151

Stirling-PDF prior to version 1.1.0 is affected by a Server-Side Request Forgery (SSRF) in the /api/v1/convert/file/pdf path, where LibreOffice’s unoconvert tool is used during file-to-PDF conversion. The vulnerability arises in the conversion process and has been patched in version 1.1.0. Affect...

CVSS 9.8 · AI score 7.2 · EPSS 0.00331
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/08/11 9:47 p.m. · 7 views

CVE-2025-25235 Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVSS 8.6 · EPSS 0.00276
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/11 9:47 p.m. · 3 views

CVE-2025-25235 Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks...

CVSS 8.6 · AI score 7.1 · EPSS 0.00276
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/11 7:34 p.m. · 10 views

CVE-2025-8772

A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack may ...

CVSS 5.3 · AI score 7 · EPSS 0.00415
Exploits: 1 · References: 1
NVD
added 2025/08/11 7:15 p.m. · 8 views

CVE-2025-25229

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources...

CVSS 5.4 · EPSS 0.00178
Exploits: 0 · References: 2
CVE
added 2025/08/11 6:24 p.m. · 16 views

CVE-2025-25229

Omnissa Workspace ONE UEM is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25229). The issue could allow a user with privileges to access restricted internal information and enumerate internal network resources via API endpoints. The connected documents corroborate the ...

CVSS 5.4 · AI score 7.1 · EPSS 0.00178
Exploits: 0 · References: 2
OSV
added 2025/08/11 5:24 p.m. · 1 view

GO-2025-3843 Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource

Grafana Infinity Datasource Plugin SSRF Vulnerability in github.com/grafana/grafana-infinity-datasource...

CVSS 5 · AI score 7.1 · EPSS 0.00283
Exploits: 0 · References: 5
OSV
added 2025/08/11 1:52 p.m. · 2 views

BIT-LIBPYTHON-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

CVSS 6.3 · AI score 7.1 · EPSS 0.0067
Exploits: 0 · References: 10
Veracode
added 2025/08/11 7:47 a.m. · 3 views

Server Side Request Forgery (SSRF)

ssrfcheck is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to an incomplete denylist that fails to classify the reserved multicast IP range 224.0.0.0/4 as invalid, which allows an attacker to craft requests targeting these multicast addresses...

CVSS 8.8 · AI score 7.1 · EPSS 0.00432
Exploits: 1 · References: 4 · Affected Software: 1
Veracode
added 2025/08/11 6:35 a.m. · 4 views

Server-Side Request Forgery (SSRF)

webfinger.js is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient restriction on localhost access because the lookup function fails to block requests to local or internal network services, allowing attackers to craft requests targeting internal resources...

CVSS 6.9 · AI score 7 · EPSS 0.00575
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2025/08/11 5:27 a.m. · 8 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

CVSS 5.1 · AI score 7.2 · EPSS 0.00201
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/11 5:27 a.m. · 3 views

CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...

CVSS 5.3 · AI score 7.3 · EPSS 0.00344
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/11 12:0 a.m. · 5 views

PT-2025-32587 · Omnissa · Omnissa Secure Email Gateway +1

Name of the Vulnerable Software and Affected Versions: Omnissa Secure Email Gateway (SEG) versions prior to 2.32 (Windows); Omnissa Secure Email Gateway (SEG) versions prior to 2503 (UAG). Description: This issue is a Server-Side Request Forgery (SSRF) that allows routing of network traffic, such as HTTP...

CVSS 8.6 · AI score 6.2 · EPSS 0.00276
Exploits: 0 · References: 7
Positive Technologies
added 2025/08/11 12:0 a.m. · 4 views

PT-2025-32560 · Omnissa · Workspace One Uem

Name of the Vulnerable Software and Affected Versions: Omnissa Workspace ONE UEM (affected versions not specified). Description: Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) vulnerability. A malicious actor with user privileges may be able to access restricted internal syste...

CVSS 5.4 · AI score 6.9 · EPSS 0.00178
Exploits: 0 · References: 7
CNNVD
added 2025/08/11 12:0 a.m. · 3 views

Stirling-PDF code issue vulnerability

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A code issue vulnerability exists in Stirling-PDF versions prior to 1.1.0 that stems from a cleaner in the HTML to PDF function that can be bypassed, potentially leading to...

CVSS 9.8 · AI score 6.6 · EPSS 0.01587
Exploits: 0 · References: 3