7229 matches found
Omnissa Secure Email Gateway Security Vulnerability
Omnissa Secure Email Gateway is a security gateway for protecting email infrastructure from Omnissa USA. A security vulnerability exists in Omnissa Secure Email Gateway versions prior to 2.32, which stems from server-side request forgery and could lead to internal network traffic routing...
Omnissa Workspace ONE UEM Security Vulnerability
Omnissa Workspace ONE UEM is an endpoint management platform from Omnissa USA. A security vulnerability exists in Omnissa Workspace ONE UEM that stems from server-side request forgery and could lead to internal network resource enumeration...
PT-2025-32590
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when converting HTML t...
PT-2025-32591 · Unknown +1 · Stirling-Pdf +1
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. The “convert file to pdf” functionality, accessible via the /api/v1/convert/file/pdf API endpoint, is susceptible...
PT-2025-32596
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when utilizing the...
Stirling-PDF Code Issue Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based, open source PDF manipulation tool from Stirling Tools that uses Docker. A code issue vulnerability exists in Stirling-PDF versions prior to 1.1.0, which stems from a server-side request forgery vulnerability in LibreOffice's unoconvert tool in the...
CVE-2025-8355
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF)...
CVE-2025-8772
A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack m...
CVE-2025-8772 Vinades NukeViet Module index.php server-side request forgery
A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack m...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of user-supplied URLs in the portal-settings-authentication-opensso-web component. An unauthenticated attacker can cause the server to initiate arbitrary HTTP requests to internal...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the FreeMarker template processing when following redirects. An attacker can make unauthorized network requests by submitting crafted URLs. Note: Exploiting this vulnerability requires template edito...
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...
GHSA-6V93-FRF9-2RP8 Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...
CVE-2025-4581
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the...
CVE-2025-4655
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...
PT-2025-32427
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132; Liferay DXP versions 2025.Q1.0 through 2025.Q1.4; Liferay DXP versions 2024.Q4.0 through 2024.Q4.7; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q2.0 through 2024.Q2....
PT-2025-32453 · Unknown · Vinades Nukeviet
Name of the Vulnerable Software and Affected Versions: Vinades NukeViet versions up to 4.5.06 Description: A problematic vulnerability has been identified in Vinades NukeViet. The issue is related to unknown processing of the file /admin/index.php?language=en&nv=upload within the Module Handler...
Linux Distros Unpatched Vulnerability : CVE-2025-51591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted ifram...