ssrf Archives • Page 3 of 3 • Daily CyberSecurity

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software ControlID iDSecure, Access Control Vulnerabilities

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Do Son June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk advisory on three newly discovered vulnerabilities...

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched Kibana Vulnerabilities, Code Execution

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

Do Son June 25, 2025

Elastic has published a security advisory addressing two significant vulnerabilities in Kibana, the visualization and dashboarding layer...

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying SSRF, Cloudflare OpenNext

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Do Son June 19, 2025

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users...

Apache Kafka Clients at Risk: File Reads, SSRF, and RCE Exploits Trigger Urgent Security Fixes Kafka RCE JAAS vulnerability

Apache Kafka Clients at Risk: File Reads, SSRF, and RCE Exploits Trigger Urgent Security Fixes

Do Son June 9, 2025

The Apache Kafka Project has released security advisories addressing three important vulnerabilities affecting various versions of the...

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks Esri ArcGIS, SSRF Vulnerability

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks

Do Son June 2, 2025

Esri has issued a critical security patch for its widely used Portal for ArcGIS software, addressing a...

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3) WebDriverManager, CVE-2025-4641

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3)

Do Son May 16, 2025

A critical XML External Entity (XXE) injection vulnerability has been identified in WebDriverManager, an essential Java library...

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks SSRF, SonicWall SMA1000

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks

Do Son May 16, 2025

A newly disclosed Server-Side Request Forgery (SSRF) vulnerability in SonicWall’s SMA1000 series appliances could allow remote attackers...

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale a-blog cms, CVE-2025-36560

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

Do Son May 15, 2025

JPCERT/CC has issued a vulnerability note disclosing multiple security flaws in a-blog cms, a popular content management...

Microsoft Patches Four Critical Azure and Power Apps Vulnerabilities, Including CVSS 10 Privilege Escalation Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Four Critical Azure and Power Apps Vulnerabilities, Including CVSS 10 Privilege Escalation

Do Son May 9, 2025

Microsoft has addressed a cluster of critical vulnerabilities affecting several of its core cloud services—including Azure Automation,...

SonicWall Issues Patch for SSRF Vulnerability in SMA1000 Appliances SonicWall, SSRF vulnerability

SonicWall Issues Patch for SSRF Vulnerability in SMA1000 Appliances

Do Son May 2, 2025

SonicWall’s Product Security Incident Response Team (PSIRT) has issued an important update for its SMA1000 series appliances...

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103) CVE-2024-53552 CrushFTP vulnerability, SSRF

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

Do Son April 15, 2025

CrushFTP, a popular file transfer server, is facing increased scrutiny following the discovery of two significant security...

Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server LNbits SSRF LNURL Vulnerability

Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server

Do Son April 10, 2025

LNbits, the modular and extendable Lightning Network wallet server, has patched a critical Server-Side Request Forgery (SSRF)...

Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security Bitdefender vulnerabilities

Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security

Do Son April 11, 2024

Bitdefender, a leading cybersecurity company, has released critical updates to address multiple vulnerabilities in its GravityZone and...

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Do Son March 24, 2024

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely...

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities Teleport Vulnerability

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities

Do Son January 4, 2024

Teleport, a renowned platform offering centralized authentication and auditing for servers and cloud applications, has recently found...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

ssrf

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Apache Kafka Clients at Risk: File Reads, SSRF, and RCE Exploits Trigger Urgent Security Fixes

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3)

Patch Now: SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

SonicWall Issues Patch for SSRF Vulnerability in SMA1000 Appliances

CrushFTP Hit by SSRF and Directory Traversal Vulnerabilities (CVE-2025-32102 & CVE-2025-32103)

Critical SSRF Vulnerability Patched in LNbits Lightning Wallet Server

Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities