5 matches found
VulnCheck KEV: CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
CVE-2025-51591
creationtimestamp| type| source ---|---|--- 2025-07-11 13:45:26+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114834900611046360 2025-09-24 05:15:00+00:00| seen| https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html 2025-09-24 07:24:27+00:00| exploited|...
CVE-2025-51591
The CVE-2025-51591 SSRF flaw affects Pandoc, reportedly in v3.6.4, allowing an attacker to access the internal infrastructure via a crafted iframe injection. Public sources describe that Pandoc can retrieve and parse untrusted HTML content, enabling SSRF, with mitigations including using the --sa...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...