5 matches found
EUVD-2018-0207
Malware in sbrugna...
CVE-2025-9269
A Server-Side Request Forgery SSRF vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerabili...
CVE-2025-9269
Lexmark devices with the embedded web server are affected by CVE-2025-9269 (SSRF). The vulnerability allows an attacker to coerce the device into issuing arbitrary HTTP requests to a third-party server, potentially enabling internal network access or data disclosure. CVSSv4 base score 6.9 (networ...
CVE-2025-54988
An XML External Entity injection flaw was found in the Apache Tika tika-parser-pdf-module. This vulnerability allows an attacker to provide a crafted XFA file within a PDF, read sensitive data, or trigger malicious requests to internal resources or third-party servers. Mitigation Mitigation for...
CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...