7225 matches found

Japan Vulnerability Notes | added 2025/06/26 9:15 a.m. | 5 views

Multiple vulnerabilities in multiple BROTHER products

Overview: Multiple BROTHER products provided by BROTHER INDUSTRIES, LTD. contain the vulnerabilities listed below: exposure of sensitive system information to an unauthorized control sphere (CWE-497, CVE-2024-51977); use of weak credentials (CWE-1391, CVE-2024-51978); stack-based buffer overflow...

CVSS 9.8 | AI score 7.6 | EPSS 0.7656 | Exploits 0 | References 25
CNNVD | added 2025/06/26 12:00 a.m. | 3 views

octo-sts code issue vulnerability

octo-sts is Chainguard's open-source GitHub security token service. A code issue vulnerability exists in octo-sts versions prior to v0.5.3, which stems from an unauthenticated server-side request forgery vulnerability...

CVSS 8.6 | AI score 6.8 | EPSS 0.0041 | Exploits 0 | References 3
OSV | added 2025/06/25 12:15 p.m. | 1 view

CVE-2025-25012

URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and to server-side request forgery via a specially crafted URL...

CVSS 5.4 | AI score 6.9 | Exploits 0 | References 1
ATTACKERKB | added 2025/06/25 8:15 a.m. | 2 views

CVE-2024-51981

An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

CVSS 5.3 | AI score 7.2 | EPSS 0.00822 | Exploits 0 | References 10 | Affected software 46
ATTACKERKB | added 2025/06/25 8:15 a.m. | 3 views

CVE-2024-51980

An unauthenticated attacker may perform a limited server-side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP, TCP port 80) SOAP request. The...

CVSS 5.3 | AI score 7.3 | EPSS 0.00858 | Exploits 0 | References 10 | Affected software 46
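The two ATTACKERKB entries above (CVE-2024-51981 and CVE-2024-51980) describe the same mechanism from two angles: a WS-Addressing endpoint address that steers the device into opening a connection to a host and port of the sender's choosing, and CRLF in that same address turning the outbound request into request smuggling. The block below is an added example, not Brother's firmware or any project's code, of how a SOAP service could vet every wsa:Address in a request before acting on it. What it assumes: the two WS-Addressing namespace URIs and their "anonymous" constants as defined by those specifications, a constructed sample envelope, and a hypothetical policy that a non-anonymous endpoint must be an IP literal equal to the requesting client's address.

```python
"""Added example: vetting WS-Addressing endpoint addresses in a SOAP request.
Not Brother's firmware or any project's code; the peer-pinning policy and the
sample envelope are assumptions made for this example."""
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# WS-Addressing namespaces: 1.0 (W3C) and the 2004/08 member submission that
# many device stacks (WS-Eventing, WS-Discovery) still use.
WSA_10 = "http://www.w3.org/2005/08/addressing"
WSA_2004 = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
# The "anonymous" address means "reply on the same HTTP connection"; it is the
# only address a service can accept without looking at it further.
ANONYMOUS = {WSA_10 + "/anonymous", WSA_2004 + "/role/anonymous"}


def _has_control_chars(s: str) -> bool:
    # CR, LF and other C0 controls would be copied verbatim into a request line
    # or header by a naive HTTP client; that is how CRLF injection in an address
    # becomes request smuggling.
    return any(ord(c) < 0x21 or ord(c) == 0x7F for c in s)


def vet_wsa_addresses(soap_xml: bytes, peer_ip: str) -> list:
    """Return the non-anonymous wsa:Address values that pass policy.

    Raises ValueError on the first address that fails. Every wsa:Address in the
    envelope is checked, so ReplyTo, FaultTo and the EndpointReference inside a
    WS-Eventing NotifyTo are all covered.
    """
    peer = ipaddress.ip_address(peer_ip)
    root = ET.fromstring(soap_xml)
    accepted = []
    for ns in (WSA_10, WSA_2004):
        for el in root.iter(f"{{{ns}}}Address"):
            addr = (el.text or "").strip()
            if addr in ANONYMOUS:
                continue
            if _has_control_chars(addr):
                raise ValueError("control character or whitespace in wsa:Address")
            parts = urlsplit(addr)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                raise ValueError(f"unsupported endpoint address: {addr!r}")
            if parts.username or parts.password:
                raise ValueError("userinfo not allowed in endpoint address")
            try:
                parts.port  # raises ValueError for a malformed or out-of-range port
            except ValueError:
                raise ValueError("malformed port in endpoint address") from None
            try:
                host = ipaddress.ip_address(parts.hostname)
            except ValueError:
                # Policy assumption: no DNS names, so the device never resolves
                # an attacker-chosen name.
                raise ValueError("endpoint host must be an IP literal") from None
            if host != peer:
                # Policy assumption: a subscriber may only ask the device to
                # connect back to itself, never to a third host.
                raise ValueError(f"endpoint {host} is not the requesting client {peer}")
            accepted.append(addr)
    return accepted


def build_sample_envelope(reply_to: str) -> bytes:
    """Constructed SOAP 1.2 envelope with a 2004/08 wsa:ReplyTo (sample data)."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
        f'xmlns:wsa="{WSA_2004}">'
        "<s:Header><wsa:ReplyTo><wsa:Address>" + reply_to + "</wsa:Address></wsa:ReplyTo>"
        "</s:Header><s:Body/></s:Envelope>"
    ).encode()


if __name__ == "__main__":
    peer = "192.168.1.20"
    for candidate in [WSA_2004 + "/role/anonymous",
                      "http://192.168.1.20:8080/notify",
                      "http://10.0.0.5:4444/",
                      "http://192.168.1.20/&#13;&#10;X-Injected: 1"]:
        try:
            print("accepted:", vet_wsa_addresses(build_sample_envelope(candidate), peer))
        except ValueError as e:
            print("rejected:", e)
```

Note that the XML parser already normalises a raw CR LF in element text to LF, but a numeric character reference such as `&#13;` survives parsing, which is why the check runs on the decoded text rather than on the raw bytes. Even with the peer pinned, the port is still chosen by the sender; a device that only ever notifies a subscriber over HTTP could additionally restrict it.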
Huntr | added 2025/06/25 6:25 a.m. | 6 views

SSRF in MLflow via user-controlled gateway_path parameter

Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the gateway_proxy_handler function of MLflow. This function accepts a user-controlled gateway_path parameter and concatenates it directly with a target_uri, allowing an attacker to control the full outbound HTTP request path from...

CVSS 5.8 | AI score 7.1 | EPSS 0.0037 | Exploits 0
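The Huntr entry above describes a proxy handler that concatenates a caller-supplied sub-path onto a fixed upstream URI. The block below is an added example, not MLflow's code, showing that pattern next to a hardened version that keeps the outbound path under the configured base. The upstream base, the function names and the inputs tried are assumptions made for the example.

```python
"""Added example (not MLflow's code): confining a user-supplied proxy sub-path
to a fixed upstream base URL. Names and the upstream base are assumptions."""
import posixpath
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# Hypothetical upstream base the proxy is meant to forward to.
TARGET_URI = "http://gateway.internal:8080/api/v1/"


def build_upstream_url_vulnerable(target_uri: str, gateway_path: str) -> str:
    """The pattern the advisory describes: the caller's path is glued onto the base.

    Dot-segments ("../"), percent-encoded dot-segments and anything else in
    gateway_path reach the upstream server unchanged; most servers then resolve
    them, so the caller chooses the final request path.
    """
    return target_uri + gateway_path


def build_upstream_url_hardened(target_uri: str, gateway_path: str) -> str:
    """Return an upstream URL whose path is guaranteed to sit under target_uri."""
    base = urlsplit(target_uri)
    if base.scheme not in ("http", "https") or not base.netloc:
        raise ValueError("target_uri must be an absolute http(s) URL")

    # 1. Check the raw string first: urlsplit() silently strips CR/LF/TAB, so a
    #    header-injection payload has to be caught before parsing.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in gateway_path):
        raise ValueError("control characters or whitespace in gateway_path")

    # 2. Accept only a bare relative path: no scheme, no "//host", no query or
    #    fragment, so scheme, host and port cannot be changed by the caller.
    if gateway_path.startswith("//") or "?" in gateway_path or "#" in gateway_path:
        raise ValueError("gateway_path must be a bare path")
    sub = urlsplit(gateway_path)
    if sub.scheme or sub.netloc:
        raise ValueError("gateway_path must be relative")

    # 3. Decode percent-encoding *before* normalising, so "%2e%2e/" cannot pass
    #    as an opaque segment; collapse "." and ".." and require the result to
    #    still lie below the base path.
    base_path = base.path if base.path.endswith("/") else base.path + "/"
    prefix = base_path.rstrip("/")
    joined = posixpath.normpath(base_path + unquote(gateway_path).lstrip("/"))
    if joined != prefix and not joined.startswith(prefix + "/"):
        raise ValueError("gateway_path escapes the upstream base path")

    final = urlunsplit((base.scheme, base.netloc, quote(joined), "", ""))
    # Defence in depth: the authority must be exactly the configured one.
    if urlsplit(final).netloc != base.netloc:
        raise ValueError("authority changed during URL construction")
    return final


if __name__ == "__main__":
    for p in ["models/list", "../../admin", "%2e%2e/%2e%2e/admin",
              "http://169.254.169.254/latest/meta-data/", "//attacker.example/"]:
        print("vulnerable:", build_upstream_url_vulnerable(TARGET_URI, p))
        try:
            print("hardened:  ", build_upstream_url_hardened(TARGET_URI, p))
        except ValueError as e:
            print("hardened:   rejected:", e)
```

The order of the checks matters: the control-character test runs on the raw string because Python's URL parser drops CR, LF and TAB before splitting, and decoding happens before normalisation because `normpath` treats `%2e%2e` as an ordinary segment name.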
RedHat Linux | added 2025/06/25 12:16 a.m. | 7 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator reads the jku header and sends an HTTP request to it. During this process, no whitelisting or other filtering is performed on the destination URL, which may result in a server-side request forgery (SSRF) vulnerabili...

CVSS 7.3 | AI score 5.8 | EPSS 0.00778 | Exploits 0 | References 7
CNNVD | added 2025/06/25 12:00 a.m. | 3 views

Elastic Kibana input validation error vulnerability

Elastic Kibana is data visualization dashboard software from Elastic, Inc. Elastic Kibana suffers from an input validation error vulnerability that stems from susceptibility to open redirection and server-side request forgery attacks...

CVSS 5.4 | AI score 8.9 | EPSS 0.00393 | Exploits 0 | References 2
CNNVD | added 2025/06/25 12:00 a.m. | 1 view

Brother Industries Multiple driver installers for Windows security vulnerability

Brother Industries Multiple driver installers for Windows are driver software from Brother Industries of Japan. A security vulnerability exists in these installers that originates from an unauthenticated attacker being able to perform blind server-side...

CVSS 5.3 | AI score 9.2 | EPSS 0.00822 | Exploits 0 | References 11
CNNVD | added 2025/06/25 12:00 a.m. | 1 view

Brother Industries multiple products code issue vulnerability

Brother Industries HL-L8360CDW and others are products of Brother Industries of Japan. Brother Industries HL-L8360CDW is a multifunction printer. Brother Industries Debut web server is a web server. Brother Industries Web Based Management is web management software. A security vulnerability exists ...

CVSS 5.3 | AI score 9.1 | EPSS 0.00858 | Exploits 0 | References 11
BDU FSTEC | added 2025/06/25 12:00 a.m. | 2 views

A vulnerability in the Apache Druid analytical database involves URL redirection to an untrusted website. It allows attackers to redirect users to arbitrary URLs, perform XSS attacks, or perform SSRF attacks.

The vulnerability in the Apache Druid analytical database is related to URL redirection to an untrusted website. Exploiting it allows a malicious actor to redirect users to arbitrary URLs, perform XSS attacks, or carry out SSRF attacks...

CVSS 7.5 | AI score 8 | EPSS 0.01643 | Exploits 0 | References 3 | Affected software 1
OSV | added 2025/06/24 8:15 p.m. | 2 views

CVE-2025-49852

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers...

CVSS 8.7 | AI score 5.8 | EPSS 0.00357 | Exploits 0 | References 1
CNNVD | added 2025/06/24 12:00 a.m. | 1 view

Control iD iDSecure On-premises code issue vulnerability

Control iD iDSecure On-premises is access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. A code issue vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which stems from server-side request forgery a...

CVSS 8.7 | AI score 6.8 | EPSS 0.00357 | Exploits 0 | References 1
Snyk | added 2025/06/23 9:41 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: langchain is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the RequestsToolkit module. An attacker can access internal network resources, perform port scans, retrieve sensitive metadata fro...

CVSS 10 | AI score 6.7 | EPSS 0.14059 | Exploits 1 | References 2
Snyk | added 2025/06/23 9:41 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the RequestsToolkit module. An attacker can access internal network resources, perform port scans, retrieve sensitive metadata from cloud environments, and interact with local services by crafting...

CVSS 10 | AI score 6.7 | EPSS 0.14059 | Exploits 1 | References 2
PyPA | added 2025/06/23 9:15 p.m. | 11 views

PYSEC-2025-70

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...

CVSS 10 | AI score 6.8 | EPSS 0.14059 | Exploits 1 | References 4 | Affected software 1
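Two kinds of entry on this page share one root cause: a server fetches a URL that the caller influences without checking where it points. The RedHat entry above describes a JWT validator following a jku header to fetch a key set with no filtering of the destination, and the Snyk, PyPA and CNNVD entries describe an LLM agent toolkit that will request internal hosts, cloud metadata endpoints and local services on instruction. The block below is an added example, not code from WildFly Elytron, LangChain or any project on this page, of the guard a practitioner would run before either fetch: a scheme and userinfo check, an optional host allow-list (the right tool for jku, where the legitimate JWKS hosts are known), and resolution of the host with every answer tested against loopback, private, link-local and similar ranges (which blocks 169.254.169.254). The function names, the allow-list and the sample DNS table are constructed assumptions; resolution is injectable so the example runs offline.

```python
"""Added example (not code from WildFly Elytron, LangChain or any project on
this page): a guard to run before any server-side fetch of a caller-influenced
URL. Host names, the allow-list and the sample DNS data are constructed."""
import ipaddress
import socket
from urllib.parse import urlsplit


def _is_forbidden_ip(ip) -> bool:
    """True for any address an outbound request must never reach."""
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped IPv6 literal cannot carry a
    # private IPv4 target past the checks below.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local  # 169.254.169.254 is link-local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host: str) -> list:
    """Resolve with the OS resolver; returns every A/AAAA answer as a string."""
    return sorted({r[4][0] for r in socket.getaddrinfo(host, None)})


# Constructed sample DNS data so the example runs offline (not real records).
SAMPLE_DNS = {
    "login.example.com": ["8.8.8.8"],
    "public.example": ["8.8.4.4"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["8.8.4.4", "10.0.0.1"],  # mixed answers: public and private
    "127.1": ["127.0.0.1"],                     # shorthand the OS resolver accepts
}


def sample_resolver(host: str) -> list:
    return SAMPLE_DNS.get(host, [])


def check_outbound_url(url: str, allowed_hosts=None, resolver=system_resolver) -> list:
    """Return the addresses the request may connect to, or raise ValueError.

    allowed_hosts: optional allow-list of host names (use it for jku, where the
    set of legitimate JWKS hosts is known). None means "any public host", the
    weakest policy that still blocks internal targets.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        raise ValueError("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host not on allow-list: {host}")
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal, no lookup needed
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ValueError(f"host does not resolve: {host}")
    # Reject if *any* answer is internal, so a name that round-robins between
    # public and private addresses cannot pass on a lucky lookup.
    for ip in addrs:
        if _is_forbidden_ip(ip):
            raise ValueError(f"{host} resolves to forbidden address {ip}")
    return [str(a) for a in addrs]


if __name__ == "__main__":
    jwks_hosts = {"login.example.com"}  # hypothetical issuer allow-list
    for url, allow in [("https://login.example.com/.well-known/jwks.json", jwks_hosts),
                       ("https://evil.example/jwks.json", jwks_hosts),
                       ("http://169.254.169.254/latest/meta-data/", None),
                       ("http://rebind.example/", None),
                       ("http://[::ffff:10.0.0.1]/", None),
                       ("http://public.example/", None)]:
        try:
            print("allowed:", url, "->", check_outbound_url(url, allow, sample_resolver))
        except ValueError as e:
            print("blocked:", url, "->", e)
```

Two caveats the guard does not remove on its own. The HTTP client resolves the name again when it connects, so a rebinding name can answer differently the second time; connect to one of the returned addresses and set the Host header (and TLS SNI) yourself, or use a client hook that pins the address. And a redirect is a new destination: disable automatic redirects and run the guard on every hop.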
OSV | added 2025/06/23 6:15 p.m. | 1 view

CVE-2025-6517

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of t...

CVSS 9.8 | AI score 5.4 | EPSS 0.00423 | Exploits 1 | References 5
CNNVD | added 2025/06/23 12:00 a.m. | 1 view

Dromara MaxKey code issue vulnerability

Dromara MaxKey is an IAM/IDaaS identity management and authentication product from the Dromara open-source community. A code issue vulnerability exists in Dromara MaxKey version 4.1.7 and earlier, which stems from mishandling of the post parameter, leading to server-side request forgery...

CVSS 9.8 | AI score 6.7 | EPSS 0.00423 | Exploits 1 | References 5
CNNVD | added 2025/06/23 12:00 a.m. | 3 views

LangChain code issue vulnerability

LangChain is an open-source framework for developing applications powered by large language models (LLMs). A code issue vulnerability exists in LangChain version 0.0.27, which stems from an unrestricted request address in the RequestsToolkit component that could lead to server-side reque...

CVSS 10 | AI score 8.1 | EPSS 0.14059 | Exploits 1 | References 3
CNNVD | added 2025/06/20 12:00 a.m. | 1 view

WordPress plugin WPThumb code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A code issue...

CVSS 4.9 | AI score 6.8 | EPSS 0.00169 | Exploits 0 | References 1