7225 matches found
SUSE CVE-2025-50181
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the com.powsybl.commons.xml.XmlReader class. An attacker can access sensitive files or internal resources by submitting specially crafted XML input. Note: This is only exploitable if untrusted users...
GHSA-QPJ9-QCWX-8JV2 PowSyBl Core XML Reader allows XXE and SSRF
Impact What kind of vulnerability is it? Who is impacted? In certain places, powsybl-core XML parsing is vulnerable to an XXE attack and in one place also to an SSRF attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive...
AZL-64170 CVE-2025-50181 affecting package python-urllib3 for versions less than 1.26.19-2
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attemptin...
CVE-2025-30679
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central on-premise modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations...
CVE-2025-30680
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central SaaS could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that...
WordPress plugin ProfileGrid code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Trend Micro Apex Central code issue vulnerability
Trend Micro Apex Central is a web-based console from Trend Micro, Inc. A security vulnerability exists in Trend Micro Apex Central that stems from the vulnerability of the modOSCE component to a server-side request forgery attack, which could lead to information disclosure...
Intera InHire code issue vulnerability
Intera InHire is a mobile application from Intera. A code issue vulnerability exists in Intera InHire 20250530 and prior versions, which stems from an incorrect manipulation of parameter 29chcotoo9 resulting in a server-side request forgery...
OpenNext opennextjs/cloudflare security vulnerability
OpenNext opennextjs/cloudflare is an OpenNext open source Next.js adapter. A security vulnerability exists in OpenNext opennextjs/cloudflare that stems from a server-side request forgery issue that could result in loading arbitrary remote content...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.42 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Server-side Request Forgery (SSRF)
Overview org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Server-side Request...
Fortinet FortiClientEMS code issue vulnerability
Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S. company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. A code issue vulnerability exists in...
Keyoti SearchUnit security vulnerability
Keyoti SearchUnit is a web search engine from Keyoti Canada. A security vulnerability exists in Keyoti SearchUnit versions prior to 9.0.0, which stems from a server-side request forgery issue that could result in configuration and log files being read or written...
GeoServer code issue vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer, which originates from a server-side request forgery that can be achieved through the Demo request endpoint when the...
SAP Business Objects Business Intelligence Platform code issue vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP Business Objects Business...
WordPress plugin Car Repair Services code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress plugin Nexa Blocks code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...