9 matches found
CVE-2025-32358
Zammad 6.4.x before 6.4.2 has an SSRF flaw. Authenticated admin users can configure webhooks, which Zammad delivers as POST requests; if a webhook endpoint replies with a redirect, Zammad follows it with an automatic GET, enabling potential access to internal resources (e.g., the local network)....
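The redirect-to-GET path described in that entry is the classic SSRF bypass: the first hop points at a public host, the Location header points at something internal. The following is an added example, not Zammad's code, of a webhook sender that re-validates the destination on every hop before issuing the follow-up request. The hostname, the fake DNS table and the in-memory "network" (FAKE_DNS, FAKE_NET, fake_transport) are constructed stand-ins so the example runs offline.

```python
"""Webhook delivery that refuses redirects into non-public address space.

Added example (not Zammad's code). The webhook endpoint, its DNS answer and
the responses it returns are constructed below so this runs with no network.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Constructed DNS: the only hostname the example knows, mapped to a
# globally routable (non-reserved) address so the first hop looks legitimate.
FAKE_DNS = {"hooks.example.test": "93.184.216.34"}

# Constructed network: URL -> (status, response headers). The "/zammad" hook
# behaves like a malicious endpoint bouncing the server onto loopback.
FAKE_NET = {
    "https://hooks.example.test/zammad": (302, {"Location": "http://127.0.0.1:8080/admin"}),
    "http://127.0.0.1:8080/admin": (200, {}),
    "https://hooks.example.test/hop": (302, {"Location": "/ok"}),
    "https://hooks.example.test/ok": (200, {}),
}


def real_resolver(host):
    """IP literal or hostname -> list of ip_address objects (uses the OS resolver)."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]


def fake_resolver(host):
    """Offline resolver backed by FAKE_DNS; unknown names fail like NXDOMAIN."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        if host not in FAKE_DNS:
            raise socket.gaierror(f"constructed NXDOMAIN for {host}")
        return [ipaddress.ip_address(FAKE_DNS[host])]


def fake_transport(method, url, payload):
    """Constructed HTTP client: answers from FAKE_NET, ignoring method and body."""
    return FAKE_NET.get(url, (404, {}))


def is_public_target(url, resolver=real_resolver):
    """True only for http(s) URLs whose every resolved address is publicly routable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolver(parts.hostname)
    except (OSError, ValueError):  # socket.gaierror is an OSError
        return False
    return all(
        not (a.is_private or a.is_loopback or a.is_link_local
             or a.is_multicast or a.is_reserved or a.is_unspecified)
        for a in addrs
    )


def deliver_webhook(url, payload, transport, resolver=real_resolver, max_hops=3):
    """POST the payload and follow at most max_hops redirects by hand.

    Every hop, including the first, is checked with is_public_target before a
    request is sent, so a redirect into loopback or RFC1918 space is refused
    instead of being fetched with an automatic GET. Returns (final_url, status).
    """
    method = "POST"
    for _ in range(max_hops + 1):
        if not is_public_target(url, resolver):
            raise ValueError(f"refusing {method} to non-public target {url}")
        status, headers = transport(method, url, payload)
        if status not in (301, 302, 303, 307, 308):
            return url, status
        url = urljoin(url, headers["Location"])   # relative Location is resolved
        if status in (301, 302, 303):             # these hops become a GET
            method, payload = "GET", None
    raise ValueError("too many redirects")


if __name__ == "__main__":
    print(deliver_webhook("https://hooks.example.test/hop", b"{}", fake_transport, fake_resolver))
    try:
        deliver_webhook("https://hooks.example.test/zammad", b"{}", fake_transport, fake_resolver)
    except ValueError as exc:
        print("blocked:", exc)
```

The check is deliberately done per hop on the resolved addresses, not on the URL string: a public hostname can legitimately redirect, but nothing a webhook target says should ever make the server talk to 127.0.0.1, ::1, 169.254.169.254 or a private range. In production the resolver result should also be pinned for the actual connection (otherwise a DNS rebinding answer between check and connect defeats the check), which this example does not show.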
CVE-2025-27777
CVE-2025-27777 affects Applio (voice conversion tool). Versions ≤ 3.2.7 contain a server‑side request forgery (SSRF) in model_download.py (line 195 in 3.2.7) that can be used to issue requests on behalf of the Applio server. The issue is described as a blind SSRF, with potential to probe internal...
BIT-TOMCAT-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentialit...
Security Issues in FINS protocol
Overview: FINS (Factory Interface Network Service) is a message communication protocol designed for use in closed FA (Factory Automation) networks, and is used in FA networks composed of Omron products. FINS commands can read/write information, conduct various operations and set the...
Weidmueller Industrial WLAN Trust Management Issue Vulnerability
Weidmueller Industrial WLAN devices are industrial WLAN products from Weidmueller, Germany. The Trust Management Issue vulnerability in Weidmueller Industrial WLAN devices stems from the use of hard-coded keys in the service agent binary; it can be exploited by an attacker to decrypt captured traffic from ...
The NSA Warns of TLS Inspection
The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the...
As 5G Rolls Out, Troubling New Security Flaws Emerge
Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them...
Five Weakest Links in Cybersecurity That Target the Supply Chain
By Matan Or-El, co-founder and CEO at Panorays. Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The...
Citrix Server Detection
Citrix servers allow a Windows user to remotely obtain a graphical login and therefore act as a local user on the remote host. NOTE: by default the Citrix Server application uses a weak 40-bit obfuscation algorithm (not even true encryption). If the default settings have not been changed, the...