12 matches found
BIT-MLFLOW-2026-2393 Server-Side Request Forgery (SSRF) in mlflow/mlflow
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...
HTTP Request Smuggling
Next.js is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of Transfer-Encoding: chunked and Content-Length headers during proxy rewrites, which allows an attacker to craft malicious DELETE/OPTIONS requests and smuggle unauthorized requests to unintended backen...
CVE-2026-27591
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their account's level of access to the system by modifying the roles / permissions assigned to their...
Linux Distros Unpatched Vulnerability : CVE-2022-45060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce...
Server-side Request Forgery (SSRF)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the verifyconnection function, by manipulating the backend requests to arbitrary systems. Remediation: Upgrade open-webui to version 0.6.34 or higher. References: - GitH...
CVE-2025-20075
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services...
JIP InfoBridge FileMegane Code Issue Vulnerability
JIP InfoBridge FileMegane is an application from JIP InfoBridge Japan. A code issue vulnerability exists in JIP InfoBridge FileMegane versions prior to 3.0.0.0 through 3.4.0.0, which stems from server-side request forgery (SSRF) and could allow execution of arbitrary back-end Web API requests,...
Multiple vulnerabilities in FileMegane
Overview: FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery (SSRF) (CWE-918) - CVE-2025-20075; Authentication Bypass by Spoofing (CWE-290) - CVE-2025-25055. Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these...
VulnCheck KEV: CVE-2023-41265
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...
PT-2023-6923
Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions prior to August 2023 Patch 2. Description: The issue is related to improper validation of HTTP headers, allowing a remote attacker to elevate their privilege by tunneling HTTP requests and execute HTTP...
Metabase Security Vulnerability
Metabase is an open source data analytics platform from the US-based Metabase, Inc. Metabase suffers from a security vulnerability that stems from the fact that when requesting data for a question in an embedded dashboard, it is possible to circumvent locked parameters by constructing a malicious...
TYPO3 Cross-Site Request Forgery Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. URL redirect is a URL redirection extension plugin used in it. TYPO3 is vulnerable to cross-site request forgery, which stems from a software feature that allows users to create and share...