33 matches found

NVD
added 2026/03/20 8:16 a.m. | 1 views

CVE-2026-33060

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

CVSS: 5.7 | EPSS: 0.00016
Exploits: 1 | References: 2

RedHat Linux
added 2026/03/18 1:54 p.m. | 2 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS: 9.6 | AI score: 7.6 | EPSS: 0.00031
Exploits: 0 | References: 4

RedHat Linux
added 2026/01/08 4:53 p.m. | 4 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00031
Exploits: 0 | References: 4

OSV
added 2026/01/07 6:30 p.m. | 4 views

GHSA-J382-5JJ3-VW4J Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed withou...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00031
Exploits: 0 | References: 20

Github Security Blog
added 2026/01/07 6:30 p.m. | 29 views

Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed withou...

CVSS: 9.6 | AI score: 6.6 | EPSS: 0.00031
Exploits: 0 | References: 20 | Affected Software: 1

OSV
added 2026/01/07 5:15 p.m. | 3 views

DEBIAN-CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS: 9.6 | AI score: 7.7 | EPSS: 0.00031
Exploits: 0 | References: 1

UbuntuCve
added 2026/01/07 5:15 p.m. | 4 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS: 9.6 | AI score: 7.3 | EPSS: 0.00031
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-10289

Malware in sbrugna...

CVSS: 8.6 | AI score: 8.8 | EPSS: 0.00461
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-19245

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00137
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-2369

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01271
Exploits: 0 | References: 7

Positive Technologies
added 2025/03/03 12:0 a.m. | 2 views

PT-2025-9317

Name of the Vulnerable Software and Affected Versions: Advanced IP Scanner (affected versions not specified); Advanced Port Scanner (affected versions not specified). Description: The issue involves the unauthorized exposure of confidential information when the applications initiate a network scan, sendi...

CVSS: 6.9 | AI score: 6.2 | EPSS: 0.00136
Exploits: 1 | References: 7

CVE
added 2022/06/22 3:40 p.m. | 86 views

CVE-2022-23080

Directus CMS: CVE-2022-23080 affects Directus v9.0.0-beta.2 through 9.6.0, enabling SSRF in the media upload flow that lets a low-privilege user perform internal port scans. The connected advisories describe exploit scenarios (e.g., DNS rebinding attempts in file import) and confirm ongoing discu...

CVSS: 5 | AI score: 5.4 | EPSS: 0.00116
Exploits: 1 | References: 2 | Affected Software: 1

The Hacker News
added 2021/04/29 2:46 p.m. | 35 views

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat...

AI score: 0.3
Exploits: 0

CNVD
added 2020/03/23 12:0 a.m. | 3 views

Ghost CMS Server-Side Request Forgery Vulnerability

Ghost CMS is an open source headless content management system CMS written in JavaScript. A server-side request forgery vulnerability exists in Ghost CMS versions prior to 3.10.0, which can be exploited by an attacker to scan local or external networks or interact with internal systems...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00299
Exploits: 1 | References: 1

NVD
added 2019/02/11 9:29 p.m. | 9 views

CVE-2018-18569

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...

CVSS: 8.6 | AI score: 8.6 | EPSS: 0.00461
Exploits: 1 | References: 1

Prion
added 2019/02/11 9:29 p.m. | 17 views

Server side request forgery (ssrf)

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...

CVSS: 5 | AI score: 8.5 | EPSS: 0.00461
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/02/11 9:0 p.m. | 13 views

CVE-2018-18569

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...

AI score: 8.6 | EPSS: 0.00461
Exploits: 1 | References: 1

CVE
added 2019/02/11 9:0 p.m. | 47 views

CVE-2018-18569

The CVE-2018-18569 entry describes an SSRF vulnerability in Dundas BI server prior to 5.0.1.1010. By exploiting the viewUrl parameter of the “export the dashboard as an image” feature, an attacker can forge arbitrary requests and act on behalf of the attacker, potentially proxying requests to int...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.00461
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/03/22 6:29 p.m. | 13 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00137
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2018/03/22 6:29 p.m. | 15 views

CVE-2018-7516

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00137
Exploits: 0 | References: 2