SSRF
appsec.fyi
Merge News: Cisco warns of a critical SSRF vulnerability (CVE-2026-20230) in Unified CM. Unauthenticated attackers can write files via WebDialer risking remote #cisco #vulnerability #ssrf #remotecodeexecution
2026-06-06
ThreadLinqs: NEW THREAT INTEL: Cisco Unified CM WebDialer SSRF (CVE-2026-20230) - unauth flaw chains to file write for root. Public PoC. #ThreatIntel #Cisco #SSRF
2026-06-06
Hi: callback services like pingback are criminally underrated. the gap between "suspicious behavior in a black box" and "here's the TCP transcript, source IP and timing" is literally the difference between a triaged $4k report and a dup-closed nothing-burger. #bugbounty #SSRF
2026-06-06
Thinkkun: SSRF turns your server into an attacker's proxy. One URL preview feature = stolen AWS credentials in 2 requests. Blocklisting IPs fails -- 0x7f000001, 2130706433 and [::1] all hit localhost. Use allowlists. #Pentesting #SSRF #Websecurity #Security #Linux
2026-06-06
CVE-2026-20230: Cisco Unified CM WebDialer SSRF Can Lead to Root-Level Compromise
2026-06-05