CVE-2026-49139

Summary: Nanobot before 0.2.1 contains a server-side request forgery (SSRF) in the Microsoft Teams channel handler, enabling attackers to exfiltrate Bot Framework bearer tokens. By sending a forged inbound activity with an attacker-controlled serviceUrl, an adversary can poison the stored convers...

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured the default. An attacker who controls any other application registered with the same CAS server...

GHSA-J8GJ-9RM5-4XHX Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured the default. An attacker who controls any other application registered with the same CAS server...

PT-2026-44143

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted hosts setting is not configured the default. An attacker who controls any other application registered with the same CAS serve...

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the apiCall executor. An attacker can obtain sensitive credentials by sending crafted HTTP requests to endpoints controlled by the attacker, causing the automatic forwarding of the ServiceAccount...

CVE-2026-39922

GeoNode versions 4.4.5 and 5.0.2 and prior within their respective releases contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL durin...

CVE-2026-5538

CVE-2026-5538 affects QingdaoU OnlineJudge up to 1.6.1. The issue lies in the function service_url of JudgeServer.service_url within the judge_server_heartbeat Endpoint, where manipulation enables server-side request forgery. The vulnerability is exploitable remotely. The vendor has been contacte...

CVE-2026-5538 QingdaoU OnlineJudge judge_server_heartbeat Endpoint JudgeServer.service_url server-side request forgery

A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function serviceurl of the file JudgeServer.serviceurl of the component judgeserverheartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to launch the attack...

CVE-2025-68924

CVE-2025-68924 affects UmbracoForms up to version 8.13.16. An authenticated attacker can specify a malicious WSDL URL as a Webservice data source, enabling remote code execution via dynamic SOAP client generation. The root cause is untrusted WSDL processing in the Webservice data source. Impact i...

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

PT-2026-3273

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

PT-2025-50335

Name of the Vulnerable Software and Affected Versions Barracuda Service Center versions prior to 2025.1.1 Description Barracuda Service Center, as implemented in the RMM solution, does not validate the URL specified in a WSDL file controlled by an attacker, which is subsequently loaded by the...

EUVD-2019-7811

Malware in sbrugna...

EUVD-2019-16169

Malware in sbrugna...

CVE-2025-59341 Local File Inclusion in esm.sh

esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a Local File Inclusion LFI issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem or other...

Linux Distros Unpatched Vulnerability : CVE-2022-39369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS librar...

Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-7645-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7645-1 advisory. It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIM...

USN-6913-1 php-cas vulnerability

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...

PT-2024-23864

Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.39.2rc0 Description A vulnerability in Fides allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of the SERVER SIDE FIDES API URL server-side...