Server-side Request Forgery (SSRF)

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The NoPrivateNetworkHttpClient is designed to be a security boundary that blocks requests to private/interna...

RHEL 6 : openstack-neutron (RHSA-2014:0899)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0899 advisory. The openstack-neutron packages provide Openstack Networking neutron, the virtual network service. OpenStack Networking neutron is a pluggabl...

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

dotCMS 代码问题漏洞

dotCMS is a content management system CMS from the United States dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build. A security vulnerability exists in dotCMS version 5.x-22.06, which stems from TempFileAPI allowing a user to create a tempora...

AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1" For other regions, kali ami id must be specified and metasploitable3 id after...

How to Provide Secure Access to AWS Workloads

In the last two posts, we covered the security fundamentals to migrate to the Cloud and the 10 best practices to secure workloads. In this third post, we will talk about securing access to your AWS workloads. To Live Happy, Live Hidden In a traditional model, you need to somehow open your cloud...

Moderate: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability...

DEBIAN-CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service IPv4 address attachment outage by attaching an IPv6 private subnet to a L3 router...

Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability

A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect FI devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...

CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2026-48736...