47 matches found

Tenable Nessus
added 2026/05/11 12:00 a.m. · 6 views

Unity Linux 20.1070e Security Update: batik (UTSA-2026-017770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017770 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an...

CVSS 8.2 · AI score 6.9 · EPSS 0.01358
Exploits 0 · References 4

Tenable Nessus
added 2026/05/11 12:00 a.m. · 3 views

Unity Linux 20.1070e Security Update: batik (UTSA-2026-017788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017788 advisory. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the xlink:href attributes. By using a specially-crafted argument, a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00831
Exploits 0 · References 4

AstraLinux
added 2026/05/03 11:59 p.m. · 3 views

Astra Linux - vulnerability in batik

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

CVSS 8.2 · AI score 6.9 · EPSS 0.01358
Exploits 0 · References 1

CVE
added 2026/03/24 3:58 p.m. · 8 views

CVE-2026-33340

LoLLMs WEBUI (lollms-webui) contains a critical SSRF in the /api/proxy endpoint (POST) that allows unauthenticated attackers to force the server to perform arbitrary GET requests. Root cause: server-side request execution via an unauthenticated endpoint; impact includes access to internal service...

CVSS 9.1 · AI score 5.9 · EPSS 0.12355
Exploits 3 · References 2 · Affected Software 1

CNNVD
added 2026/03/24 12:00 a.m. · 2 views

LoLLMs WEBUI security vulnerability

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability. This vulnerability stems from the /api/proxy endpoint, which allows unverified users to force the server to...

CVSS 9.1 · AI score 5.9 · EPSS 0.12355
Exploits 3 · References 2

RedhatCVE
added 2026/01/29 9:21 p.m. · 5 views

CVE-2026-24775

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows mentioning OpenProject work packages in the document. To show work...

CVSS 7.3 · AI score 6 · EPSS 0.00031
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-4082

Malicious code in bioql PyPI...

CVSS 4 · AI score 6.4 · EPSS 0.00054
Exploits 0 · References 3

Snyk
added 2025/07/28 4:41 p.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: webfinger.js is a client library to query WebFinger records. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the WebFinger class. An attacker can cause the server to send arbitrary GET requests to internal or external hosts, including localhost...

CVSS 6.9 · AI score 7.1 · EPSS 0.00305
Exploits 0 · References 2

CVE
added 2025/04/09 3:14 p.m. · 63 views

CVE-2025-32372

CVE-2025-32372 : DNN (DotNetNuke) exposes a bypass of CVE-2017-0929 enabling unauthenticated, semi‑blind SSRF via arbitrary GET requests to internal or external URLs. Public sources reference this as a server-side request forgery affecting DNN, with a fixed revision in 9.13.8; Nessus/NVD entries ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00102
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/04/09 3:14 p.m. · 10 views

CVE-2025-32372 Server-Side Request Forgery (SSRF) in DotNetNuke.Core

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including...

CVSS 6.5 · EPSS 0.00102
Exploits 0 · References 2

Tenable Nessus
added 2025/03/04 12:00 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-11987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argumen...

CVSS 8.2 · AI score 6.9 · EPSS 0.01358
Exploits 0 · References 2

RedhatCVE
added 2025/02/12 10:27 p.m. · 2 views

CVE-2025-25194

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...

CVSS 4 · AI score 7 · EPSS 0.00054
Exploits 0 · References 1

Cvelist
added 2025/02/10 10:14 p.m. · 10 views

CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...

CVSS 4 · EPSS 0.00054
Exploits 0 · References 1

OSV
added 2025/02/10 8:25 p.m. · 6 views

GHSA-7723-35V7-QCXW Server-Side Request Forgery (SSRF) in activitypub_federation

Summary: This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-localhost mechanism and perform an arbitrary GET request to any host, port and URL using a WebFinger request. Details: The WebFinger endpoint takes a remote domain for checking accounts as a...

CVSS 4 · AI score 4.7 · EPSS 0.00054
Exploits 2 · References 3

Github Security Blog
added 2025/02/10 8:25 p.m. · 8 views

Server-Side Request Forgery (SSRF) in activitypub_federation

Summary: This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-localhost mechanism and perform an arbitrary GET request to any host, port and URL using a WebFinger request. Details: The WebFinger endpoint takes a remote domain for checking accounts as a...

CVSS 4 · AI score 4.7 · EPSS 0.00054
Exploits 0 · References 3 · Affected Software 1

GitLab Advisory Database
added 2025/02/10 12:00 a.m. · 5 views

Server-Side Request Forgery (SSRF) in activitypub_federation

This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-localhost mechanism and perform an arbitrary GET request to any host, port and URL using a WebFinger request...

CVSS 4 · AI score 6 · EPSS 0.00054
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2025/01/23 12:00 a.m. · 3 views

PT-2025-6115 · Lemmy +1

Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior; activitypub_federation versions 0.6.2 and prior. Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-localhost mechanism and perform an arbitrary GET request...

CVSS 4 · AI score 7.3 · EPSS 0.00054
Exploits 0 · References 12

NVD
added 2023/10/06 6:15 p.m. · 10 views

CVE-2023-44384

Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discoursejiraverboselog site setting. A moderator user cou...

CVSS 4.1 · AI score 4.5 · EPSS 0.00096
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:50 a.m. · 2 views

SUSE CVE-2011-4138

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

CVSS 5 · AI score 7 · EPSS 0.00635
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:07 a.m. · 1 view

SUSE CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

CVSS 5.8 · AI score 7 · EPSS 0.00831
Exploits 0 · References 11