64 matches found
VulnLinux-Exploitation
Lab 01: Vulnerable Linux Reconnaissance + Enumeration + Remote...
WSO2 - Server Side Request Forgery
WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...
Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems
Penetration-Testing-Exploitation-of-Vulnerable-Linux-Systems K...
CVE-2026-27600
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the notifier functionality. An attacker can enumerate internal services by supplying arbitrary URLs, causing the application to send HTTP POST requests and observing UI behavior differences based on...
CVE-2026-27600
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
CVE-2026-27600
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
EUVD-2026-9335
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
CVE-2026-27600
CVE-2026-27600 : In HomeBox, prior to version 0.24.0-rc.1, the notifier allows authenticated users to specify arbitrary URLs for HTTP POST requests without validating host/IP/port. This can yield a behavioral side-channel that enables internal service enumeration, as the UI behavior varies with t...
CVE-2022-42894
A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. An unauthenticated Server-Side Request Forgery SSRF vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as loca...
OreaHax-Framework
OreaHax-Framework ╔════════════════════════════════════...
CVE-2023-53893
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...
CVE-2025-5350
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...
bluescan
BlueScan - Bluetooth Security Scanner A comprehensive Bluetoo...
EUVD-2021-18703
Malware in sbrugna...
EUVD-2022-45952
Malicious code in bioql PyPI...
EUVD-2022-45043
Malicious code in bioql PyPI...
EUVD-2025-18779
Malicious code in bioql PyPI...
EUVD-2023-54616
Malicious code in bioql PyPI...
EUVD-2025-27285
Malicious code in bioql PyPI...