5 matches found
CVE-2024-50337
Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on the server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...
MiracleLinux 8 : grafana-6.3.6-2.el8 (AXSA:2020-596:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-596:01 advisory. grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379). Tenable has...
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sysredirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...
Kubernetes Code Issue Vulnerability
Kubernetes (K8s) is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. A security vulnerability exists in Kubernetes that stems from allowing the Aggregation API server to redirect client traffic to...
Flask-Security Input Validation Error Vulnerability
Flask-Security is a software package for quickly adding security features to Flask applications. Flask-Security suffers from an input validation error vulnerability that stems from mishandling user-supplied data, which could allow a remote attacker to redirect a victim to an arbitrary URL...