pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

CVE-2025-8085

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

PT-2024-4663 · Mcafee · Mcafee Security: Antivirus Vpn For Android

Name of the Vulnerable Software and Affected Versions: McAfee Security: Antivirus VPN for Android versions prior to 8.3.0 Description: The issue is related to improper deep link validation, which could allow an attacker to launch an arbitrary URL within the app. This could potentially lead to...

CVE-2020-5329

Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links...