16 matches found
CVE-2026-42858
Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...
PT-2026-24572
Name of the Vulnerable Software and Affected Versions: AOS-CX Switches (affected versions not specified). Description: A flaw exists in the web-based management interface that could allow a remote attacker who does not need to be authenticated to redirect users to a URL of the attacker’s choosing...
CVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...
CVE-2025-13872
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination...
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
...
DEBIAN-CVE-2024-47850
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer but can be used to create DDoS...
OpenPrinting CUPS Security Vulnerability
OpenPrinting CUPS is a standards-based open source printing system for Linux® and other Unix®-like operating systems from OpenPrinting, Inc. A security vulnerability exists in OpenPrinting CUPS versions prior to 2.5b1, which originates from an HTTP POST request to an arbitrary destination and por...
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added...
PT-2023-4718 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to a URL redirection vulnerability in the Netcat CMS system. This vulnerability can be exploited by a remote attacker to redirect users to an arbitrary URL address...
Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration; Vendor: Ateme; Product web page: https://www.ateme.com ; Affected version: 3.9.12.4, 3.9.11.0, 3.9.9.2, 3.9.8.0; Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and...
CVE-2013-4764
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission...
CVE-2017-7500
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory ...
CVE-2017-5158
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...
Debian Security Advisory DSA 389-1 (ipmasq)
The remote host is missing an update to ipmasq announced via advisory DSA 389-1. OpenVAS Vulnerability Test $Id: deb3891.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 389-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...