
58 matches found

OSV
added 2026/02/27 7:17 a.m., 0 views

CVE-2025-15509

The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1
CVE
added 2026/02/27 6:52 a.m., 21 views

CVE-2025-15509

CVE-2025-15509 affects the SmartRemote module, which has insufficient restrictions on loading URLs, potentially leaking information. CVSSv4.0 vector: AV:N/AC:L/PR:N/UI:P/HI:HIGH/VI:L; base score 7.1 (HIGH). Attack vector: network, no authentication, passive user interaction. No explicit remediati...

CVSS 7.1, AI score 5.3, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/27 10:1 p.m., 3 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods obtain and process...

CVSS 7.1, AI score 5.9, EPSS 0.00038
Exploits: 1, References: 3
Positive Technologies
added 2026/01/27 12:0 a.m., 3 views

PT-2026-5029

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.14.1. Description: A Server-Side Request Forgery (SSRF) issue exists in the MediaConnector class within vLLM's multimodal feature set. The load_from_url and load_from_url_async methods process URLs provided by users to...

CVSS 7.1, AI score 6.5, EPSS 0.00038
Exploits: 1, References: 13
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.362.b09-2.el8 (AXSA:2023-4869:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4869:03 advisory. OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) OpenJDK: soundbank URL remote loading (Sound, 8293742)...

CVSS 5.3, AI score 8.2, EPSS 0.00135
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : java-17-openjdk-17.0.6.0.10-3.el8 (AXSA:2023-4811:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4811:01 advisory. OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) OpenJDK: soundbank URL remote loading (Sound, 8293742)...

CVSS 5.3, AI score 6.6, EPSS 0.0011
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-1945

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01318
Exploits: 2, References: 7
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-29678

Malicious code in bioql PyPI...

CVSS 4, AI score 4.8, EPSS 0.00062
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-10406

Malicious code in bioql PyPI...

CVSS 3.8, AI score 6.5, EPSS 0.00203
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-51399

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.00233
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-51407

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.00151
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-46377

Malicious code in bioql PyPI...

CVSS 8.6, AI score 7.6, EPSS 0.00097
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-51408

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.00151
Exploits: 0, References: 1
Github Security Blog
added 2025/06/16 7:37 p.m., 30 views

OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint

A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_next/image endpoint...

CVSS 9.1, AI score 7.6, EPSS 0.00501
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2025/06/11 12:0 a.m., 14 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

CVSS 8.2, EPSS 0.00752
Exploits: 0, References: 6
Debian CVE
added 2025/06/11 12:0 a.m., 7 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

CVSS 8.2, AI score 9, EPSS 0.00752
Exploits: 0
RedhatCVE
added 2025/05/23 7:21 a.m., 2 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

CVSS 9.8, AI score 7, EPSS 0.00442
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 6:58 a.m., 3 views

CVE-2024-13185

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage...

CVSS 7.5, AI score 6.6, EPSS 0.00151
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:18 a.m., 5 views

CVE-2023-41898

Home Assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

CVSS 8.6, AI score 6.9, EPSS 0.00097
Exploits: 0
RedhatCVE
added 2025/05/22 9:35 p.m., 3 views

CVE-2021-43544

When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are...

CVSS 6.1, AI score 5.3, EPSS 0.00322
Exploits: 0