403 matches found

OSV | added 2025/09/05 12:43 p.m. | 6 views

OESA-2025-2169 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP respons...

CVSS 9.1 | AI score 6.6 | EPSS 0.0097
Exploits 1 | References 6
OSV | added 2025/09/05 12:43 p.m. | 7 views

OESA-2025-2168 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP respons...

CVSS 9.1 | AI score 6.6 | EPSS 0.0097
Exploits 1 | References 6
IBM Security Bulletins | added 2025/09/05 11:01 a.m. | 7 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)

Summary: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817, CVE-2025-27818). Vulnerability Details: CVEID: CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...

CVSS 8.8 | AI score 7.3 | EPSS 0.60841
Exploits 2 | Affected Software 1
VulnCheck KEV | added 2025/08/20 12:00 a.m. | 19 views

VulnCheck KEV: CVE-2023-46229

LangChain before 0.0.317 allows SSRF via documentloaders/recursiveurlloader.py because crawling can proceed from an external server to an internal server...

CVSS 8.8 | AI score 5.8 | EPSS 0.44711
In wild | Exploits 1 | References 2
CNNVD | added 2025/08/16 12:00 a.m. | 2 views

WordPress plugin Ebook Store security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.00207
Exploits 1 | References 2
Tenable Nessus | added 2025/08/15 12:00 a.m. | 4 views

TencentOS Server 4: grafana (TSSA-2025:0603)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0603 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.7 | AI score 4.1 | EPSS 0.00759
Exploits 2 | References 4
Packet Storm News | added 2025/08/14 12:00 a.m. | 2 views

Enhancing GraphQL Security by Detecting Malicious Queries Using Large Language Models, Sentence Transformers, and Convolutional Neural Networks

GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data...

AI score 7.2
Exploits 0
NVD | added 2025/08/12 5:15 a.m. | 2 views

CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...

CVSS 5.7 | EPSS 0.00151
Exploits 0 | References 1
OSV | added 2025/08/11 9:57 p.m. | 3 views

CVE-2025-55150 Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

CVSS 8.6 | AI score 6.6 | EPSS 0.01587
Exploits 0 | References 4
Snyk | added 2025/08/09 6:30 a.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the FreeMarker template processing when following redirects. An attacker can make unauthorized network requests by submitting crafted URLs. Note: Exploiting this vulnerability requires template edito...

CVSS 5.4 | AI score 7 | EPSS 0.00201
Exploits 0 | References 2
Amazon | added 2025/08/08 12:00 a.m. | 3 views

Medium: php8.1

Issue Overview: fsockopen does not validate the hostname properly; the hostname is terminated at the null byte. This can cause Server Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer...

CVSS 7.5 | AI score 7.7 | EPSS 0.00953
Exploits 2
SUSE Linux | added 2025/08/04 3:07 p.m. | 9 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed an SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

CVSS 8.8 | AI score 6.7 | EPSS 0.03322
Exploits 2 | References 28
SUSE Linux | added 2025/08/04 3:06 p.m. | 11 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed an SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

CVSS 8.8 | AI score 6.6 | EPSS 0.03322
Exploits 2 | References 28
OSV | added 2025/08/04 3:06 p.m. | 2 views

SUSE-SU-2025:02682-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 - CVE-2024-43204: Fixed an SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 - CVE-2024-47252: Fixed insufficie...

CVSS 9.1 | AI score 5.8 | EPSS 0.03322
Exploits 2 | References 15
Debian | added 2025/07/27 4:36 p.m. | 13 views

[SECURITY] [DLA 4254-1] php7.4 security update

Debian LTS Advisory DLA-4254-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 27, 2025 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u9 CVE ID : CVE-2025-1220 CVE-2025-1735 CVE-2025-6491 Multiple security issues were found in PHP, a...

CVSS 8.1 | AI score 6.9 | EPSS 0.89472
Exploits 12
Microsoft CVE | added 2025/07/17 7:00 a.m. | 4 views

Apache HTTP Server: SSRF with mod_headers setting Content-Type header

...

CVSS 7.5 | AI score 7 | EPSS 0.00774
Exploits 0
OSV | added 2025/06/10 9:30 a.m. | 3 views

GHSA-VGQ5-3255-V292 Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 8.6 | AI score 6.7 | EPSS 0.60841
Exploits 2 | References 4
SUSE CVE | added 2025/06/10 2:11 a.m. | 1 view

SUSE CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5 | AI score 6.4 | EPSS 0.60841
Exploits 2 | References 3
BDU FSTEC | added 2025/06/05 12:00 a.m. | 1 view

The vulnerability of the determineInclusionAndExtract method in the HPE StoreOnce VSA virtual storage system allows an attacker to perform an SSRF attack.

The vulnerability of the determineInclusionAndExtract method in the HPE StoreOnce VSA virtual storage system is related to insufficient validation of incoming requests. Exploiting this vulnerability may allow a malicious actor to execute an SSRF attack remotely...

CVSS 5.3 | AI score 7 | EPSS 0.00556
Exploits 0 | References 3 | Affected Software 1
Red Hat CVE | added 2025/05/23 2:19 a.m. | 6 views

CVE-2023-38343

An XXE (XML external entity) injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

CVSS 7.5 | AI score 6.8 | EPSS 0.01449
Exploits 0 | References 1