CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

CVE-2026-34160

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

AVideo has Unauthenticated SSRF via plugin/Live/test.php

Summary An unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe localhost/internal services and, when reachable, access internal HTTP resources or cloud...

CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

Important: Red Hat Security Advisory: python-kdcproxy security update

An update for python-kdcproxy is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

CVE-2025-55971

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 Android TV, Kernel 5.4.242+, is vulnerable to a blind, unauthenticated Server-Side Request Forgery SSRF vulnerability via the UPnP MediaRenderer service AVTransport:1. The device accepts unauthenticated SetAVTransportURI SOAP...

CVE-2022-37938

Unauthenticated server side request forgery in HPE Serviceguard Manager...