
9 matches found

OSV
added 2025/07/29 7:24 p.m. | 4 views

GHSA-MRMQ-3Q62-6CC8 BentoML SSRF Vulnerability in File Upload Processing

Description: There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...

9.9 CVSS | 7.1 AI score | 0.01308 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2025/03/28 5:51 p.m. | 52 views

CVE-2025-2825

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct...

9.8 CVSS | 9.5 AI score | 0.92118 EPSS
Exploits: 63 | References: 9

Cvelist
added 2025/03/26 3:58 p.m. | 17 views

CVE-2025-2825

...

Exploits: 8

CVE
added 2025/03/26 3:58 p.m. | 219 views

CVE-2025-2825

CVE-2025-2825 is tied to a CrushFTP authentication bypass vulnerability. Affected products: CrushFTP Server versions 10.x before 10.8.4 and 11.x before 11.3.1. Exploitation could allow account takeover due to bypassed authorization in the login/auth flow. Remediation (if the record applies): upgr...

9.8 CVSS | 9.7 AI score
In wild | Exploits: 8

Prion
added 2021/11/14 9:15 p.m. | 21 views

Code injection

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

10 CVSS | 9.5 AI score | 0.84896 EPSS
Exploits: 5 | References: 2 | Affected Software: 1

CVE
added 2021/11/14 8:8 p.m. | 133 views

CVE-2020-16152

The CVE-2020-16152 entry refers to Aerohive/Extreme Networks HiveOS NetConfig, where the NetConfig UI is vulnerable to local file inclusion (LFI) paired with log-poisoning to achieve unauthenticated remote code execution as root. Affected are HiveOS IQ Engine and NetConfig interfaces through 10.0...

10 CVSS | 9.5 AI score | 0.84896 EPSS
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/14 8:8 p.m. | 22 views

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

9.7 AI score | 0.84896 EPSS
Exploits: 5 | References: 2

CNVD
added 2016/04/21 12:0 a.m. | 1 views

Cisco Wireless LAN Controller Denial of Service Vulnerability (CNVD-2016-02517)

The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability in the Bonjour Task Manager for Cisco Wireless LAN Controller WLC Software allows remote attackers ...

7.8 CVSS | 7 AI score | 0.00527 EPSS
Exploits: 0 | References: 1

exploitpack
added 2004/05/26 12:0 a.m. | 8 views

MiniShare 1.3.2 - Remote Denial of Service

MiniShare 1.3.2 - Remote Denial of Service
Source: https://www.securityfocus.com/bid/10417/info
Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests. This issue will allow an attacker to caus...

0.1 AI score
Exploits: 0