ssrf

Elastic Stack Under Fire: 7 New Flaws Expose Files & Crash Servers Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Stack Under Fire: 7 New Flaws Expose Files & Crash Servers

Ddos January 14, 2026

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data

Ddos January 12, 2026

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Ddos December 12, 2025

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

CVE-2025-27507 ZITADEL SSRF, Login UI Hijack

Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS

Ddos December 10, 2025

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass

Ddos December 5, 2025

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

CVE-2023-25157 GeoServer XXE, Unauthenticated File Exfiltration

High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF

Ddos December 1, 2025

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

CVE-2024-37288 and CVE-2024-37285 Kibana XSS SSRF, Vega Vulnerability

Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions

Ddos November 13, 2025

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration Zimbra SSRF, Chat Proxy Flaw

Zimbra SSRF, Chat Proxy Flaw

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

Ddos October 17, 2025

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic Fixes Multiple High-Severity Vulnerabilities in Kibana and Elasticsearch

Ddos October 7, 2025

Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

Splunk Fixes Six Flaws, Including Unauthenticated SSRF and XSS Vulnerabilities in Enterprise Platform

Ddos October 2, 2025

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform CVE-2022-43396 Apache Kylin, Authentication Bypass

CVE-2022-43396 Apache Kylin, Authentication Bypass

Apache Kylin Flaw: Authentication Bypass and SSRF Vulnerabilities Found in Big Data Platform

Ddos October 1, 2025

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF Astro vulnerability

Astro vulnerability

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Ddos September 7, 2025

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library PhpSpreadsheet CVE-2025-54370

PhpSpreadsheet CVE-2025-54370

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

Ddos August 26, 2025

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF Xerox RCE, FreeFlow Core Vulnerabilities

Xerox RCE, FreeFlow Core Vulnerabilities

Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

Ddos August 11, 2025

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

BentoML SSRF, AI Application Security

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Ddos July 30, 2025

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server Tableau Server Vulnerabilities, Remote Code Execution

Tableau Server Vulnerabilities, Remote Code Execution

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

Ddos July 28, 2025

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Ddos July 24, 2025

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Ddos July 23, 2025

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS CVE-2024-38472 Apache HTTP Server, Security Patches

CVE-2024-38472 Apache HTTP Server, Security Patches

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

Ddos July 11, 2025

Critical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert CVE-2024-8884 & CVE-2024-11737 Schneider Electric, Critical Vulnerabilities

CVE-2024-8884 & CVE-2024-11737 Schneider Electric, Critical Vulnerabilities

Critical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert

Ddos July 10, 2025