ROS-20260526-73-0014
Vulnerability in registry related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an SSRF attack...
ROS-20260216-73-0013
Vulnerability in Kubernetes related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack...
SUSE-SU-2026:20090-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues: - CVE-2025-66570: IP spoofing, log poisoning, and authorization bypass via header shadowing due to acceptance and parsing of client-controlled injected HTTP headers in incoming requests (bsc#1254734). - CVE-2025-66577: access and error log...
EUVD-2025-205418
Nozomi Networks Labs, a cybersecurity company specializing in Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to perform XSS in the user's browser. The...
ROS-20251223-7323
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
The vulnerability of the Azure OpenAI cloud platform, related to insufficient validation of incoming requests, allows a hacker to escalate their privileges.
The vulnerability of the Azure OpenAI cloud platform is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to escalate their privileges remotely...
The vulnerability of the ColdFusion software platform, related to insufficient validation of incoming requests, allows attackers to read arbitrary files.
The vulnerability of the ColdFusion software platform is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the Chamilo LMS system for electronic learning and content management lies in the insufficient verification of incoming requests used by the operating system. This allows attackers to execute arbitrary HTTP requests.
The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the insufficient verification of incoming requests used by the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary HTTP requests remotely...
The vulnerability of the Solar appScreener platform, which stems from insufficient verification of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Solar appScreener platform is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
The vulnerability of the QRadar Advisor with Watson analytical security threat analysis tool lies in insufficient validation of incoming requests, allowing attackers to carry out SSRF attacks.
The vulnerability of the QRadar Advisor with Watson analytical security threat analysis tool is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the Kylin data processing platform, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Kylin data processing platform is related to insufficient validation of incoming requests during the processing of the final endpoint /kylin/api/xxx/diag. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack...
The vulnerability of the SmartFabric OS10 network operating system, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the SmartFabric OS10 network operating system is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...
The vulnerability of the Passwork password manager, related to insufficient validation of incoming requests, allows attackers to execute SSRF attacks.
The vulnerability of the Passwork password manager is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute an SSRF attack using specially crafted HTTP requests...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...
The vulnerability of the Azure Health Bot, a tool for creating and deploying intelligent chatbots in the healthcare sector, lies in the insufficient verification of incoming requests. This allows attackers to escalate their privileges.
The vulnerability of Azure Health Bot, a tool for creating and deploying intelligent chatbots in the healthcare domain, is related to insufficient verification of incoming requests. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
ROS-20240812-15
Apache HTTP Server kernel vulnerability is related to ignoring outdated configuration of handlers by the "AddType" function. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. Vulnerability...
The vulnerability of the SAML standard implementation in the Splunk Enterprise platform for operational analysis allows a perpetrator to carry out a brute-force attack.
The vulnerability of the SAML standard implementation in the Splunk Enterprise platform for operational analysis is related to inconsistencies in responses to incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a brute-force attack...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: OpenTelemetry.Instrumentation.AspNetCore is an ASP.NET Core instrumentation for OpenTelemetry .NET. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the logging of sensitive query parameters by default. This...
The vulnerability of the client framework for AI and Python Ray application scaling application programming interface allows an attacker to execute arbitrary commands.
The vulnerability of the Client framework for AI and Python Ray application development lies in insufficiently checking incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted requests...