Recently Added
The most recent resources added to appsec.fyi, across all topics. Subscribe to the RSS feed to stay updated.
| Date | Topic | Link | Excerpt |
|---|---|---|---|
| 2026-04-01 | XSS | Colwen Hotels, XSS Hotels launch new collection brand | Colwen Hotels, XSS Hotels launch new collection brand https://ift.tt/cbWKXEy |
| 2026-04-01 | SSRF | Major Anders Lassen VC (1920-1945) had earlier served in SOE's Small Scale Raiding Force (No. 62 Commando) during the Second World War. #AndersLassen #SSRF #62Commando #SOE #SBS #Sx.com/copp_survey/st.co/67AkjCvWx2 | ANDERS LASSEN Major Anders Lassen VC (1920-1945) had earlier served in SOE's Small Scale Raiding Force (No. 62 Commando) during the Second World War. #AndersLassen #SSRF #62Commando #SOE #SBS #Sx.com... |
| 2026-04-01 | XSS | ShadowPrompt: Zero-Click Prompt Injection Chain in Anthropic's Claude Chrome Extension | ShadowPrompt: Zero-Click Prompt Injection Chain in Anthropic's Claude Chrome Extension https://ift.tt/LQkpR3n |
| 2026-04-01 | XSS | Jira Account Takeover | Jira Account Takeover https://ift.tt/wtHJ6Lm |
| 2026-03-31 | SSRF | Critical SSRF flaw in HAPI FHIR validation package CVE-2026-34361 could expose healthcare apps to credential theft and potential data breaches. vulert.com/vuln-db/CVE-20Zp #CyberSecurity #SSRpic.x.com/ulvNeLbE3Y3Y | 🚨 Critical SSRF flaw in HAPI FHIR validation package CVE-2026-34361 could expose healthcare apps to credential theft and potential data breaches. vulert.com/vuln-db/CVE-20…Zp #CyberSecurity #SSRpic.x... |
| 2026-03-31 | SSRF | TL;DR: IMDSv1 + SSRF = free IAM credentials. Capital One, 2019: 106M records, $80M fine. Three HTTP requests. Zero exploits. Paolo wrote up how it works and how to stop it paolocostanzo.github.io/ssrf-imds-ec2-c (post AI; Paolo was studying for the AWS cert) #AWS #SSRF #CloudSecurity #PenTest | TL;DR: IMDSv1 + SSRF = free IAM credentials. Capital One, 2019: 106M records, $80M fine. Three HTTP requests. Zero exploits. Paolo wrote up how it works and how to stop it 👇paolocostanzo.github.io/ss... |
| 2026-03-31 | XSS | Vulnerabilities in Bludit software | Vulnerabilities in Bludit software https://ift.tt/xf0FONS |
| 2026-03-30 | XSS | Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover | Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover https://ift.tt/chvJTgR |
| 2026-03-30 | SSRF | Warning: High #SSRF & Injection vulnerabilities in #SpringAI. CVE-2026-22742 CVE-2026-22743 CVE-2026-22744 CVSS: 8.6. These CVEs can lead to unintended server requests and database access. #Patch #Patch #Patch | Warning: High #SSRF & Injection vulnerabilities in #SpringAI. CVE-2026-22742, CVE-2026-22743, CVE-2026-22744 CVSS: 8.6. These CVEs can lead to unintended server requests and database access. #Patch #P... |
| 2026-03-30 | XSS | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise https://ift.tt/tBU50wa |
| 2026-03-30 | XSS | Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover | Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover https://ift.tt/NBDfQXj |
| 2026-03-29 | XSS | Vulnerabilities in Raytha software | Vulnerabilities in Raytha software https://ift.tt/KuydOeU |
| 2026-03-29 | SSRF | def check_stock_api(url): if url.startswith("http://") or url.startswith("https://"): if not url.startswith("http://localhost") and not url.startswith(""): return False Hmm so... how would you bypass this? #SSRF #WebSecurity #BugBounty #Python | def check_stock_api(url): if url.startswith("http://") or url.startswith("https://"): if not url.startswith("http://localhost") and not url.startswith(""): return False Hmm so... how would you by p... |
| 2026-03-29 | SSRF | SSRF Payload Generator #SSRF #PayloadGenerator #Pentesting #VulnerabilityTesting #SecurityTools shelltrail.com/tools/ssrf-pay | SSRF Payload Generator #SSRF #PayloadGenerator #Pentesting #VulnerabilityTesting #SecurityTools shelltrail.com/tools/ssrf-pay… https://ift.tt/RWCn8zP |
| 2026-03-28 | SSRF | Server-Side Request Forgery (SSRF) in pyLoad (CVE-2026-33992) can lead to cloud metadata exfiltration. Assess pyLoad deployments and restrict network egress. #SSRF #CloudSecurity #InfoSec pulsepatch.io/posts/cve-2026 | Server-Side Request Forgery (SSRF) in `pyLoad` (CVE-2026-33992) can lead to cloud metadata exfiltration. Assess `pyLoad` deployments and restrict network egress. #SSRF #CloudSecurity #InfoSec pulsepat... |
| 2026-03-27 | SSRF | CVE-2026-33992: pyLoad:... PyLoad's blind URL acceptance turns your download manager into a cloud metadata harvesting tool - DigitalOcean SSH keys anyone? #SSRF #CloudSec. zerodaysignal.com/vulnerability/P #netsec #vulnerability #CVE #sysadmin #zeroday | 🚨 CVE-2026-33992: pyLoad:... PyLoad's blind URL acceptance turns your download manager into a cloud metadata harvesting tool - DigitalOcean SSH keys anyone? #SSRF #CloudSec. zerodaysignal.com/vulnerab... |
| 2026-03-27 | SSRF | MCP attack surface is exploding: 30 CVEs in 60 days. CVE-2026-26118: SSRF in Azure MCP Server leaks managed identity tokens. The protocol meant to secure AI agents is now a privesc vector. Run MCP? Audit inputs, block outbound, rotate tokens. #CyberSecurity #MCP #SSRF | MCP attack surface is exploding: 30 CVEs in 60 days. CVE-2026-26118: SSRF in Azure MCP Server leaks managed identity tokens. The protocol meant to secure AI agents is now a privesc vector. Run MCP? Au... |
| 2026-03-27 | SSRF | CVE-2020-8561 exploits an SSRF flaw in the Kubernetes API server's ValidatingWebhookConfiguration and profiling endpoints to expose full responses. Requires cluster-admin creds to escalate impact. #KubernetesSecurity #SSRF #CVE20208561 ift.tt/LEbouZ0 | CVE-2020-8561 exploits an SSRF flaw in Kubernetes API server's ValidatingWebhookConfiguration and profiling endpoints to expose full responses. Requires cluster-admin creds to escalate impact. #Kubern... |
| 2026-03-27 | SSRF | Blog2Social ≤ 8.6.0 has an SSRF (CVSS 4.3). A Subscriber+ user can make requests to any internal URL. Fix: update to 8.6.1 or later. #WordPress #Seguridad #SSRF t.me/vulnerabilityw | ⚠️ Blog2Social ≤ 8.6.0 has an SSRF (CVSS 4.3). A Subscriber+ user can make requests to any internal URL. Fix: update to 8.6.1 or later. #WordPress #Seguridad #SSRF t.me/vulnerabilityw… ht... |
| 2026-03-27 | SSRF | An SSRF vulnerability has also been confirmed in Spring AI, the LLM integration framework (CVE-2026-22742). Insufficient validation of user-supplied URLs could be used to trigger access to internal networks. security-next.com/182645 #企業公式相互フォロー #SSRF | An SSRF vulnerability has also been confirmed in "Spring AI", the LLM integration framework (CVE-2026-22742). Insufficient validation of user-supplied URLs could be used to trigger access to internal networks. security-next.com/182645 #企業公式相互フォロー #SSRF https://ift.tt/2bvs6Zm |
| 2026-03-26 | SSRF | Budibase is affected by an Unrestricted SSRF vulnerability (CVE-2026-33226) via its REST Datasource Query Preview. This could enable internal network reconnaissance. Investigate network egress filtering. #Budibase #SSRF #Infosec pulsepatch.io/posts/cve-2026 | `Budibase` is affected by an Unrestricted SSRF vulnerability (CVE-2026-33226) via its REST Datasource Query Preview. This could enable internal network reconnaissance. Investigate network egress filte... |
| 2026-03-26 | XSS | Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website | Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website https://ift.tt/onyUmWb |
| 2026-03-26 | XSS | CISA and FBI release secure-by-design guidelines on cross-site scripting | CISA and FBI release secure-by-design guidelines on cross-site scripting https://ift.tt/OsAW3Rc |
| 2026-03-26 | XSS | HTTP/1.1 Must Die: Conquering the 0.CL Challenge | HTTP/1.1 Must Die: Conquering the 0.CL Challenge https://ift.tt/zWFgsu7 |
| 2026-03-26 | XSS | CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability | CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability https://cyberpress.org/zimbra-collaboration-suite-vulnerability/ |
| 2026-03-25 | XSS | Renaissance Framingham Hotel Debuts After Transformation | Renaissance Framingham Hotel Debuts After Transformation https://ift.tt/EsDvhRT |
| 2026-03-23 | SSRF | Vulnerability in soft-serve allows SSRF via unvalidated LFS endpoint in repo import (CVE-2026-30832). Potential internal network access. #SSRF #GitLFS #infosec pulsepatch.io/posts/cve-2026 | Vulnerability in `soft-serve` allows SSRF via unvalidated LFS endpoint in repo import (CVE-2026-30832). Potential internal network access. #SSRF #GitLFS #infosec pulsepatch.io/posts/cve-2026… https://... |
| 2026-03-23 | SSRF | Intra-thoracic rib fixation is available but is not well studied vs conventional extra-thoracic systems. The addition of VATS to rib fixation cases no matter where the plates are placed may be of benefit particularly in severe chest wall trauma. #ribfracture #SSRF #CWIS pic.x.com/2VsVvEr4eW | Intra-thoracic rib fixation is available but is not well studied vs conventional extra-thoracic systems. The addition of VATS to rib fixation cases, no matter where the plates are placed, may be of be... |
| 2026-03-23 | SSRF | I'm sharing a short #writeup on how you can analyze a Blind #SSRF with Introspector Framework. 13.37.hn/webhacking/202 pic.x.com/upPnb1um2G | I'm sharing a short #writeup on how you can analyze a Blind #SSRF with Introspector Framework. 13.37.hn/webhacking/202… pic.x.com/upPnb1um2G https://ift.tt/uMrmfOQ |
| 2026-03-21 | SSRF | An unauthenticated SSRF vulnerability (CVE-2026-33502) affects AVideo potentially allowing internal network access. Investigate server isolation and egress filtering. #AVideo #SSRF #infosec pulsepatch.io/posts/cve-2026 | An unauthenticated SSRF vulnerability (CVE-2026-33502) affects `AVideo`, potentially allowing internal network access. Investigate server isolation and egress filtering. #AVideo #SSRF #infosec pulsepa... |
| 2026-03-21 | XSS | PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks | PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks https://ift.tt/Vn64pI0 |
| 2026-03-20 | SSRF | An unauthenticated SSRF vulnerability (CVE-2026-33351) in AVideo allows for a verification bypass. Review AVideo deployments for exposure. #SSRF #AVideo #infosec pulsepatch.io/posts/cve-2026 | An unauthenticated SSRF vulnerability (CVE-2026-33351) in `AVideo` allows for a verification bypass. Review `AVideo` deployments for exposure. #SSRF #AVideo #infosec pulsepatch.io/posts/cve-2026… http... |
| 2026-03-20 | XSS | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government https://cyberpress.org/ghostmail-targets-ukraine-mail/ |
| 2026-03-20 | XSS | Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover | Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover https://ift.tt/Oxljb9W |
| 2026-03-20 | XSS | Russian APT Exploits Zimbra XSS to Target Ukrainian Government in Operation GhostMail | Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ https://ift.tt/XoOLnMt |
| 2026-03-19 | XSS | Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 | Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 https://ift.tt/fiP24sx |
| 2026-03-19 | XSS | Russian APT Exploits Zimbra Vulnerability Against Ukraine | Russian APT Exploits Zimbra Vulnerability Against Ukraine https://ift.tt/MVsWfZC |
| 2026-03-19 | SSRF | Completed SSRF (Intro) on @tryhackme. An easy room where I learned how Server-Side Request Forgery works and how attackers exploit internal services through crafted requests. Roomtryhackme.com/room/ssrfqipJ #WebSecurity #SSRF #CTF #LearnInPublic #Founder #CEO #CTO #HR #Startupic.x.com/iUwVcZovfxfx | Completed SSRF (Intro) on @tryhackme. An 🟢easy🟢 room where I learned how Server-Side Request Forgery works and how attackers exploit internal services through crafted requests. Roomtryhackme.com/room/... |
| 2026-03-18 | XSS | When HttpOnly Isn't Enough: Chaining XSS and GhostScript for Full RCE Compromise | When HttpOnly Isn't Enough: Chaining XSS and GhostScript for Full RCE Compromise https://ift.tt/aCJHUB2 |
| 2026-03-18 | XSS | CISA orders feds to patch Zimbra XSS flaw exploited in attacks | CISA orders feds to patch Zimbra XSS flaw exploited in attacks https://ift.tt/AV9sfJM |
| 2026-03-18 | SSRF | Centrifugo is affected by an SSRF vulnerability (CVE-2026-32301) via unverified JWT claims in JWKS URL resolution. This can lead to internal network reconnaissance. Monitor for official #security advisories. #SSRF #JWT pulsepatch.io/posts/cve-2026 | `Centrifugo` is affected by an SSRF vulnerability (CVE-2026-32301) via unverified JWT claims in JWKS URL resolution. This can lead to internal network reconnaissance. Monitor for official #security ad... |
| 2026-03-18 | SSRF | Internal audit at @AstioLab: Blind SSRF in Planka (GHSA-c7mq-8hrx-524h), fixed in v2.0.3. Any self-hosted tool that issues HTTP requests from user input is affected. We documented it all here: astiolab.com/blind-ssrf-out #SSRF #DevSecOps #Cybersécurité #Planka pic.x.com/UsxhZxKM0d | Internal audit at @AstioLab: Blind SSRF in Planka (GHSA-c7mq-8hrx-524h), fixed in v2.0.3. Any self-hosted tool that issues HTTP requests from user input is affected. We documented ... |
| 2026-03-17 | XSS | Colwen Hotels and XSS Hotels Complete The Framingham Hotel Collection, Featuring Three Unique Hotels, Revamped Public Spaces and New Culinary Experiences - Travel And Tour World | Colwen Hotels and XSS Hotels Complete The Framingham Hotel Collection, Featuring Three Unique Hotels, Revamped Public Spaces and New Culinary Experiences - Travel And Tour World https://ift.tt/eJz6Z0L |
| 2026-03-17 | XSS | Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks | Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks https://ift.tt/FtpE0RI |
| 2026-03-17 | XSS | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk https://cyberpress.org/angular-xss-vulnerability/ |
| 2026-03-17 | XSS | Angular XSS Vulnerability Threatens Thousands of Web Applications | Angular XSS Vulnerability Threatens Thousands of Web Applications https://ift.tt/CsxVb9J |
| 2026-03-17 | SSRF | SSRF in 2025 = one of the highest-paying vulnerabilities because: - Cloud deployments rely on metadata endpoints - Microservices mean many internal services - every internal service = a potential target. What confuses you most about SSRF? #BugBounty #SSRF #WebSecurity #أمن_سيبراني | SSRF in 2025 = one of the highest-paying vulnerabilities because: - Cloud deployments rely on metadata endpoints - Microservices mean many internal services - every internal service = a potential target. What confuses you most about SSRF? 👇 #... |
| 2026-03-16 | SSRF | Attention, security professionals! The SSRF vulnerability in vanna-ai (up to v2.0.2) could let attackers make arbitrary requests. Update now and isolate your network to avoid the risk! Learn more: tenable.com/cve/CVE-2026-4U0 #CyberSecurity #Vulnerability #SSRF | 🚨 Attention, security professionals! The SSRF vulnerability in vanna-ai (up to v2.0.2) could let attackers make arbitrary requests. Update now and isolate your network to avoid the risk!... |
| 2026-03-14 | SSRF | Check out our ebooks. brutelogic.net #BugBounty #SSRF #Bypass pic.x.com/CaYJYdmi2J | Check out our ebooks. brutelogic.net #BugBounty #SSRF #Bypass pic.x.com/CaYJYdmi2J https://ift.tt/4FfzesC |
| 2026-03-14 | SSRF | Please support independent work. brutelogic.net #BugBounty #SSRF #Bypass pic.x.com/kZD7G5xeFK | Please support independent work. brutelogic.net #BugBounty #SSRF #Bypass pic.x.com/kZD7G5xeFK https://ift.tt/ODBWAMp |
| 2026-03-14 | XSS | Persistent XSS/RCE using WebSockets in Storybook's dev server | Persistent XSS/RCE using WebSockets in Storybook's dev server https://ift.tt/FpslaPW |
| 2026-03-12 | XSS | Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data | Critical 0-Click Microsoft Excel Security Bug Lets Copilot Steal Data https://ift.tt/mTA2R1M |
| 2026-03-12 | XSS | GitLab Security Update - Patch for XSS and API DoS Vulnerabilities | GitLab Security Update - Patch for XSS and API DoS Vulnerabilities https://ift.tt/WObhDLV |
| 2026-03-09 | SSRF | CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery | CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery https://ift.tt/Vm4A7Gl |
| 2026-03-09 | XSS | 1-Click ZITADEL Vulnerability Could Allow Full System Takeover | 1-Click ZITADEL Vulnerability Could Allow Full System Takeover https://ift.tt/j43WBuo |
| 2026-03-06 | SSRF | The Small Scale Raiding Force (aka No. 62 Commando) was a British Commando unit under the command of the Special Operations Executive during World War II. #SSRF #62Cx.com/SOE_Expedition | SMALL SCALE RAIDING FORCE The Small Scale Raiding Force (aka No. 62 Commando) was a British Commando unit under the command of the Special Operations Executive during World War II. #SSRF #62Cx.com/... |
| 2026-03-05 | SSRF | Intra-thoracic rib fixation is available but is not well studied vs conventional extra-thoracic systems. The addition of VATS to rib fixation cases no matter where the plates are placed may be of benefit particularly in severe chest wall trauma. #ribfracture #SSRF #CWIS pic.x.com/evOafxfkVX | Intra-thoracic rib fixation is available but is not well studied vs conventional extra-thoracic systems. The addition of VATS to rib fixation cases, no matter where the plates are placed, may be of be... |
| 2026-03-05 | SSRF | CVE-2026-27825 | CVE-2026-27825 https://ift.tt/VQj2Aqs |
| 2026-03-04 | XSS | Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution | Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution https://ift.tt/MaisAIy |
| 2026-03-04 | XSS | Checkmk and CVE-2025-64999: When a log entry becomes a gateway | Checkmk and CVE-2025-64999: When a log entry becomes a gateway https://ift.tt/7noF219 |
| 2026-03-04 | SSRF | WordPress Admins! Beware of CVE-2026-2269: Uncanny Automator (≤ 7.0.0.3) is vulnerable to SSRF, allowing unauthorized file uploads and remote code execution. Update your plugins ASAP or disable them! Stay secure! #Cybersecurity #WordPress #SSRFtenable.com/cve/CVE-2026-2PJ | 🚨 WordPress Admins! Beware of CVE-2026-2269: Uncanny Automator (≤ 7.0.0.3) is vulnerable to SSRF, allowing unauthorized file uploads and remote code execution. Update your plugins ASAP or disable them... |
| 2026-03-03 | SSRF | Show HN: Drawbridge – Drop-In SSRF Protection for Python | Hacker News | Show HN: Drawbridge – Drop-In SSRF Protection for Python | Hacker News |
| 2026-03-03 | XSS | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection https://cyberpress.org/severe-xss-vulnerability/ |
| 2026-03-03 | SSRF | CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian | CVE-2026-27825: Critical Unauthenticated RCE and SSRF in mcp-atlassian https://ift.tt/x2XrNMH |
| 2026-03-03 | XSS | Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability | Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability https://ift.tt/Zxys3rh |
| 2026-03-02 | SSRF | Dear Trauma Surgeons (not my region) Thoracic Trauma / rib fractures (even if requiring #SSRF) Is for Trauma Surgeon NOT thoracic surgeon Our speciality is not only Abdominal Trauma (would be boring if so!) Don't demote our Great Speciality #MakeTraumaGreatAgain #MTpic.x.com/3Ochke4Z5fZ5f | Dear Trauma Surgeons (not my region) 🔴Thoracic Trauma / rib fractures (even if requiring #SSRF) Is for Trauma Surgeon NOT thoracic surgeon 🔴Our speciality is not only Abdominal Trauma (would be bor... |
| 2026-03-02 | SSRF | CVE-2026-27829: Astro Framework SSRF Vulnerability | CVE-2026-27829 is a server-side request forgery vulnerability in Astro web framework. Learn about its impact, affected versions, and mitigation methods. |
| 2026-03-02 | SSRF | CVE-2026-28295: Server-Side Request Forgery (SSRF) in Red Hat Enterprise Linux 10 - Live Threat Intelligence - Threat Radar | OffSeq.com | Detailed information about CVE-2026-28295: Server-Side Request Forgery (SSRF) affecting Red Hat Enterprise Linux 10 |
| 2026-03-02 | SSRF | Breaking the Trust Boundary: SSRF via a Misconfigured Sentry Tunnel | |
| 2026-03-02 | SSRF | Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps | A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform SSRF. |
| 2026-03-02 | SSRF | Angular SSR Flaw Lets Attackers Trigger Unauthorized Server-Side Requests | The flaw allows header injection, enabling attacks on internal networks. Angular has released a patch. |
| 2026-03-02 | SSRF | Security Advisory: Addressing Recent Vulnerabilities in Angular | We’ve released security updates to address two SSR vulnerabilities that we were made aware of and have since submitted committed code… |
| 2026-03-02 | SSRF | Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests | Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests https://ift.tt/8hfCray |
| 2026-03-02 | SSRF | Angular patches a critical 9.2 CVSS SSRF vulnerability (CVE-2026-27739). Attackers can manipulate Host headers to steal credentials and probe internal networks. #Angular #SSRF #CyberSecurity #CVE202627739 #WebDev #InfoSec #Javascript #SecurityPatch securityonline.info/steering-the-s | Angular patches a critical 9.2 CVSS SSRF vulnerability (CVE-2026-27739). Attackers can manipulate Host headers to steal credentials and probe internal networks. #Angular #SSRF #CyberSecurity #CVE20262... |
| 2026-03-02 | XSS | UK government's Vulnerability Monitoring System is working - fixes flow far faster | UK government's Vulnerability Monitoring System is working - fixes flow far faster https://ift.tt/razAec0 |
| 2026-03-01 | SSRF | "It's a Trap!" (Star Wars) - Server-Side Request Forgery - LinkedIn | "It's a Trap!" (Star Wars) - Server-Side Request Forgery - LinkedIn |
| 2026-03-01 | SSRF | Exploring Server-Side Request Forgery (SSRF) | Securityium | Exploring Server-Side Request Forgery (SSRF) | Securityium |
| 2026-03-01 | SSRF | Server-Side Request Forgery: Impact, Examples & Defenses | Server-Side Request Forgery: Impact, Examples & Defenses |
| 2026-03-01 | SSRF | Server-Side Request Forgery SSRF: A Complete Security Guide | Server-Side Request Forgery SSRF: A Complete Security Guide |
| 2026-03-01 | SSRF | Server-Side Request Forgery: What It Is & How To Fix It | Wiz | Server-Side Request Forgery: What It Is & How To Fix It | Wiz |
| 2026-03-01 | SSRF | What Is Server Side Request Forgery? - Palo Alto Networks | What Is Server Side Request Forgery? - Palo Alto Networks |
| 2026-03-01 | SSRF | Server-side request forgery - Wikipedia | Server-side request forgery - Wikipedia |
| 2026-03-01 | SSRF | Server-Side Request Forgery (SSRF) Attack Guide | Hackviser | Server-Side Request Forgery (SSRF) Attack Guide | Hackviser |
| 2026-03-01 | SSRF | Server Side Request Forgery (SSRF) in Depth - GeeksforGeeks | Server Side Request Forgery (SSRF) in Depth - GeeksforGeeks |
| 2026-03-01 | SSRF | Server Side Request Forgery - OWASP Foundation | Server Side Request Forgery - OWASP Foundation |
| 2026-03-01 | SSRF | A Beginner's Guide to Testing for Server-Side Request Forgery (SSRF) | A Beginner's Guide to Testing for Server-Side Request Forgery (SSRF) |
| 2026-03-01 | SSRF | Gradio instances are vulnerable to SSRF (CVE-2026-28416) via proxy_url injection. Update gradio to the patched version to mitigate risks. #Gradio #SSRF #infosec pulsepatch.io/posts/cve-2026 | `Gradio` instances are vulnerable to SSRF (CVE-2026-28416) via `proxy_url` injection. Update `gradio` to the patched version to mitigate risks. #Gradio #SSRF #infosec pulsepatch.io/posts/cve-2026… htt... |
| 2026-02-28 | XSS | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials https://cyberpress.org/stored-xss-flaw-in-rustfs-console-leaks-admin-s3-credentials/ |
| 2026-02-27 | SSRF | A critical SSRF and Header Injection vulnerability (CVE-2026-27739) affects @angular/ssr. Patch to 21.2.0-rc.1 or later to mitigate risks. #AngularSSR #SSRF #Infosec pulsepatch.io/posts/cve-2026 | A critical SSRF and Header Injection vulnerability (CVE-2026-27739) impacts `@angular/ssr`. To address this, update to version 21.2.0-rc.1 or newer to reduce risks. This vulnerability poses security threats and falls under the categories of SSRF and Header Injection. Stay informed about #AngularSSR, #SSRF, and #Infosec. More details available at pulsepatch.io/posts/cve-2026. |
| 2026-02-27 | XSS | Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk | A stored XSS vulnerability in RustFS Console has been identified, posing a risk to S3 admin credentials. This vulnerability can potentially be exploited to compromise sensitive data stored in S3 buckets. It highlights the importance of addressing security flaws promptly to prevent unauthorized access to critical information. Users are advised to update their systems and take necessary precautions to mitigate the risk of exploitation. |
| 2026-02-26 | XSS | Mozilla Releases Firefox 148 With New Sanitizer API to Block XSS Attacks | Mozilla has launched Firefox 148 featuring a new Sanitizer API to prevent XSS attacks. This update aims to enhance security by blocking cross-site scripting attacks, a common vulnerability exploited by hackers. The Sanitizer API helps sanitize input data to prevent malicious scripts from executing on web pages, thus safeguarding users from potential security threats. This release underscores Mozilla's commitment to improving browser security and protecting users' online experiences. |
| 2026-02-26 | XSS | Firefox 148 Released With Sanitizer API to Disable XSS Attack | Firefox 148 has been released with a Sanitizer API aimed at preventing XSS attacks. This new feature enhances security by disabling cross-site scripting attacks. The Sanitizer API is designed to protect users from malicious scripts that could exploit vulnerabilities in web applications. This update aims to improve the overall security of the Firefox browser and provide users with a safer browsing experience. |
| 2026-02-26 | XSS | Firefox 148 Unveils New Sanitizer API to Mitigate XSS Attacks in Web Applications | Firefox version 148 introduces a new Sanitizer API to combat XSS (cross-site scripting) attacks in web applications. This new feature aims to enhance security by sanitizing user input and preventing malicious scripts from executing. XSS attacks are a common vulnerability exploited by attackers to inject harmful code into websites. The Sanitizer API in Firefox 148 offers a proactive defense mechanism to safeguard web applications and protect users from potential security threats. |
| 2026-02-25 | XSS | VMware Aria Operations Vulnerability Could Allow Remote Code Execution | A vulnerability in VMware Aria Operations could enable remote code execution. This flaw poses a security risk as attackers could exploit it to execute malicious code on affected systems. VMware users should be aware of this vulnerability and take necessary precautions to mitigate the risk of potential attacks. Regularly updating software and implementing security best practices are crucial to safeguard systems from such vulnerabilities. |
| 2026-02-25 | XSS | XSS Bug in VS Code Extension Exposed Local Files | A Cross-Site Scripting (XSS) bug in a Visual Studio Code (VS Code) extension was discovered, allowing attackers to access local files. This vulnerability could potentially compromise user data and expose sensitive information. It highlights the importance of ensuring the security of software extensions and the need for developers to regularly update and review their code to prevent such security risks. Users are advised to be cautious when installing extensions and to keep their software up to date to protect against such vulnerabilities. |
| 2026-02-24 | XSS | Multiple VMware Aria Vulnerabilities Enable Remote Code Execution Attacks | The content discusses multiple vulnerabilities found in VMware Aria that can be exploited for remote code execution attacks. These vulnerabilities pose a significant security risk and could allow attackers to execute malicious code on affected systems. It is crucial for users of VMware Aria to be aware of these vulnerabilities and apply necessary patches or updates to mitigate the risk of exploitation. |
| 2026-02-23 | XSS | Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks | The content discusses the presence of multiple zero-day vulnerabilities in PDF platforms that allow for cross-site scripting (XSS) and one-click attacks. These flaws pose security risks as they can be exploited by attackers to execute malicious actions. The vulnerabilities are considered zero-day, meaning they are newly discovered and do not have patches available yet. Users of PDF platforms should be cautious and take preventive measures to protect their systems from potential attacks exploiting these vulnerabilities. |
| 2026-02-23 | SSRF | Astro SSRF Vulnerability: Host Header Injection in SSR Error Pages (CVE-2026-25545) | The content discusses a vulnerability in Astro SSRF (Server-Side Request Forgery) related to host header injection in SSR (Server-Side Rendering) error pages, identified as CVE-2026-25545. This vulnerability could potentially be exploited by attackers. For more details, refer to the provided link. |
| 2026-02-23 | AI | ottosulin/awesome-ai-security: A collection of awesome resources related AI security | The content is a collection of resources related to AI security compiled by ottosulin. It is available on the GitHub repository ottosulin/awesome-ai-security. The repository likely contains a curated list of tools, articles, research papers, and other materials focused on enhancing security in the field of artificial intelligence. |
| 2026-02-23 | XSS | CISA Warns of Actively Exploited Roundcube Vulnerabilities | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about actively exploited vulnerabilities in Roundcube, an open-source webmail software. The vulnerabilities could allow threat actors to compromise email accounts and potentially gain unauthorized access to sensitive information. Users are advised to update their Roundcube installations to the latest version to mitigate the risk of exploitation. CISA's alert serves as a reminder for organizations and individuals to stay vigilant against cyber threats and regularly update their software to protect against potential security breaches. |
| 2026-02-22 | XSS | Jenkins Vulnerability Exposes Build Environments to XSS Attacks | The content discusses a vulnerability in Jenkins that exposes build environments to cross-site scripting (XSS) attacks. This vulnerability can potentially allow attackers to inject malicious scripts into the Jenkins environment, compromising the security of the build process. It highlights the importance of addressing this vulnerability promptly to prevent exploitation and protect sensitive data. |
| 2026-02-20 | XSS | Critical Jenkins Flaw Exposes Build Environments to XSS Attacks | A critical flaw in Jenkins exposes build environments to cross-site scripting (XSS) attacks. The vulnerability could allow attackers to inject malicious scripts into Jenkins builds, potentially leading to unauthorized access or data theft. Jenkins users are advised to update their software to the latest version to mitigate the risk of exploitation. |
| 2026-02-20 | XSS | Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks | A critical vulnerability in Jenkins exposes build environments to cross-site scripting (XSS) attacks. This vulnerability poses a significant risk to Jenkins users as it can be exploited to compromise build environments. XSS attacks can lead to unauthorized access, data theft, and other security breaches. Jenkins users are advised to update their systems promptly to protect against this vulnerability and ensure the security of their build environments. |
| 2026-02-19 | SSRF | Six flaws found hiding in OpenClaw's plumbing | Six flaws were discovered in OpenClaw's plumbing system. The specific details of the flaws are not provided in the summary. |
| 2026-02-19 | SSRF | Researchers Reveal Six New OpenClaw Vulnerabilities | Researchers have uncovered six new vulnerabilities in OpenClaw, a software used for controlling robotic arms. These vulnerabilities could potentially be exploited by attackers to compromise the system's security. The discovery highlights the importance of addressing security flaws in critical software systems to prevent potential cyber threats. |
| 2026-02-18 | XSS | 16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration | The content highlights the discovery of 16 zero-day vulnerabilities in popular PDF platforms that allow attackers to execute code and steal data. These vulnerabilities pose a significant security risk as they can be exploited for malicious purposes. It is crucial for users of these platforms to stay informed about security updates and patches to protect their systems from potential attacks. |
| 2026-02-18 | XSS | Microsoft VS Code Extension with 11M Downloads Exposes Developers to One-Click XSS Attacks | A Microsoft VS Code extension with 11 million downloads has been found to expose developers to one-click cross-site scripting (XSS) attacks. This vulnerability could potentially allow attackers to execute malicious code on developers' systems with a single click. Developers are advised to be cautious and consider the security implications of using this extension. |
| 2026-02-18 | SSRF | CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update | CISA has identified four security vulnerabilities actively exploited in the latest KEV update. The flaws pose risks to systems and data security. It is crucial for users to be aware of these vulnerabilities and take necessary precautions to protect their systems from potential exploitation. Stay informed and update systems promptly to mitigate the risks associated with these security flaws. |
| 2026-02-17 | SSRF | Langchain Community SSRF Bypass Vulnerability Enables Access to Internal Services | The Langchain Community SSRF Bypass Vulnerability allows unauthorized access to internal services. This vulnerability enables attackers to bypass security measures and gain entry to sensitive information. It poses a significant risk to the security of the Langchain Community platform. |
| 2026-02-17 | SSRF | LangChain Community Flaw Allows SSRF Bypass to Access Internal Infrastructure | The LangChain community flaw enables a Server-Side Request Forgery (SSRF) bypass, granting unauthorized access to internal infrastructure. This vulnerability poses a significant security risk, potentially allowing attackers to exploit SSRF to access sensitive data or launch further attacks within the system. It is crucial for LangChain users and administrators to be aware of this flaw and take immediate action to mitigate the risk of unauthorized access and potential security breaches. More details can be found at the provided link. |
| 2026-02-17 | SSRF | Langchain Community SSRF Bypass Vulnerability Exposes Internal Services to Unauthorized Access | The Langchain Community SSRF Bypass Vulnerability allows unauthorized access to internal services. This vulnerability exposes sensitive information to potential attackers. It is crucial for Langchain Community to address this issue promptly to prevent unauthorized access and protect their internal services from exploitation. |
| 2026-02-16 | Bug Bounty | How I Built a 5-Path AI “Recon Beast” with n8n and Gemini (2026 Guide) | In 2026, the bug bounty landscape requires more than just speed, with AI enhancing attacker capabilities. The article discusses building a 5-Path AI "Recon Beast" using n8n and Gemini. This innovative approach leverages automation and AI to enhance reconnaissance processes for bug bounty hunting. The focus is on utilizing technology to improve efficiency and effectiveness in identifying vulnerabilities. |
| 2026-02-15 | SSRF | SSRF attacks are sneaky. Server-Side Request Forgery tricks YOUR server into accessing internal systems. Prevention: Validate URLs Use allowlists Block internal IPs Test your site:denti.systemsg #SSRF #AppSec #DentiSystems | SSRF attacks are deceptive, manipulating servers to access internal systems. Prevention involves validating URLs, using allowlists, blocking internal IPs, and testing the site. This information is shared with hashtags #SSRF, #AppSec, and #DentiSystems. |
| 2026-02-15 | SSRF | Affected Tandoor Recipes instances are vulnerable to a blind SSRF (CVE-2026-25991) via recipe import allowing internal network access. #AppSec #SSRF #infosec pulsepatch.io/posts/cve-2026 | The content highlights a vulnerability in Tandoor Recipes instances, exposing them to a blind Server-Side Request Forgery (SSRF) attack (CVE-2026-25991) through recipe imports, potentially granting unauthorized access to the internal network. This security flaw poses a risk to affected systems and emphasizes the importance of addressing such vulnerabilities promptly. #AppSec #SSRF #infosec. |
| 2026-02-14 | SSRF | Day 2 of active bug hunting. 3 reports submitted on HackerOne: XSS, subdomain takeover, and a blind SSRF with redirect bypass hitting internal cloud infrastructure. The grind is real. #bugbounty #ssrf #infosec | Day 2 of bug hunting involved submitting 3 reports on HackerOne about XSS, subdomain takeover, and a blind SSRF with redirect bypass affecting internal cloud infrastructure. The process was challenging but rewarding. The focus was on bug bounty, SSRF, and information security. #bugbounty #ssrf #infosec. |
| 2026-02-13 | XSS | Zimbra Security Update - Patch for XSS XXE & LDAP Injection Vulnerabilities | Zimbra released a security update to address vulnerabilities including XSS, XXE, and LDAP injection. Users are advised to apply the patch to protect their systems from potential security risks. |
| 2026-02-13 | XSS | Critical Zimbra Vulnerabilities Fixed: XSS XXE and LDAP Injection Risks Mitigated | The article discusses critical vulnerabilities in Zimbra that have been fixed to mitigate risks of XSS, XXE, and LDAP injection. The vulnerabilities were addressed to enhance the security of Zimbra systems. More information can be found at the provided link. |
| 2026-02-13 | XSS | Zimbra Issues Security Update to Address XSS XXE and LDAP Injection Flaws | Zimbra has released a security update to fix vulnerabilities including XSS, XXE, and LDAP injection flaws. These flaws could potentially be exploited by attackers to compromise the security of Zimbra systems. Users are advised to promptly apply the security update to protect their systems from these vulnerabilities. |
| 2026-02-12 | SSRF | The Small Scale Raiding Force (No. 62 Commando) were a group of British Commandos undex.com/SOE_Expeditionttps://t.co/XEz7RO6fYI #SSRF #62Commando #SOE #WW2 | The Small Scale Raiding Force (No. 62 Commando) was a British Commando group during World War II. They conducted small-scale raids and were associated with the Special Operations Executive (SOE). The content highlights their role and provides links for further information. |
| 2026-02-11 | SSRF | The "Converter for Media \| Optimize images \| Convert WebP & AVIF" plugin (6.5.1) has an unauthenticated SSRF vulnerability (CVSS 4.8). Fix: update to version 6.5.2 or later. #WordPress #Seguridad #SSRF | The "Converter for Media - Optimize images \| Convert WebP & AVIF" plugin version 6.5.1 has an unauthenticated SSRF vulnerability (CVSS 4.8). The solution is to update to version 6.5.2 or higher. This vulnerability poses a security risk to WordPress websites. It is recommended to address this issue promptly by updating the plugin to ensure protection against potential exploits. |
| 2026-02-11 | XSS | FortiSandbox XSS Vulnerability Allows Remote Command Execution | The FortiSandbox platform has been found to have a cross-site scripting (XSS) vulnerability that can be exploited for remote command execution. This vulnerability poses a significant security risk as it allows attackers to execute commands on the affected system remotely. Organizations using FortiSandbox should be aware of this issue and take necessary precautions to mitigate the risk of exploitation. Regular security updates and patches should be applied to address vulnerabilities and protect systems from potential attacks. |
| 2026-02-11 | XSS | GitLab Patches Multiple Vulnerabilities That Enable DoS and Cross-site Scripting Attacks | GitLab has addressed several vulnerabilities that could lead to Denial of Service (DoS) and Cross-site Scripting (XSS) attacks. By patching these vulnerabilities, GitLab aims to enhance the security of its platform and protect users from potential exploitation. It is crucial for users to update their GitLab installations promptly to mitigate the risk of these security threats. |
| 2026-02-11 | XSS | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks | GitLab has addressed multiple vulnerabilities that could lead to Denial of Service (DoS) and Cross-Site Scripting (XSS) attacks. The patches aim to prevent potential security risks associated with these vulnerabilities. Users are advised to update their GitLab installations to the latest version to mitigate the risk of exploitation. More details can be found at the provided link. |
| 2026-02-11 | XSS | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks | GitLab has addressed several vulnerabilities that could lead to Denial of Service (DoS) and Cross-Site Scripting (XSS) attacks. These vulnerabilities have been patched to prevent potential exploitation. It is crucial for GitLab users to update their systems promptly to mitigate the risks associated with these security flaws. |
| 2026-02-11 | SSRF | CVE-2021-39935 \| #GitLab CI Lint API #SSRF. In February 2026, real-world exploitation was confirmed against unpatched, internet-exposed GitLab instances, and CISA added CVE-2021-39935 to the KEV catalog. Criminal IP observations: 71,069 externally identifiable GitLab assets. Wepic.x.com/4CGzTEiifafa | The content discusses CVE-2021-39935, a vulnerability in the GitLab CI Lint API leading to SSRF exploitation. CISA added it to the KEV catalog due to confirmed malicious activity on unpatched, internet-exposed GitLab instances. Observations show 71,069 externally identifiable GitLab assets. The link provided may offer more details. |
| 2026-02-10 | XSS | FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands | The FortiSandbox XSS vulnerability allows attackers to execute arbitrary commands. This security flaw poses a risk as it enables attackers to run unauthorized commands on the affected system. Organizations using FortiSandbox should be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. |
| 2026-02-10 | SSRF | SSRF Hunting 2025: 12 Tools Beyond Metadata for Next-Level Pentesting medium.verylazytech.com/ssrf-hunting-2 #ssrf #CyberSecurity | The content discusses SSRF hunting tools for advanced penetration testing beyond metadata, focusing on next-level pentesting for improved cybersecurity. It highlights 12 tools and strategies to enhance SSRF hunting in 2025. The article aims to provide insights and techniques for cybersecurity professionals interested in strengthening their skills in identifying and mitigating Server-Side Request Forgery (SSRF) vulnerabilities. |
| 2026-02-09 | SSRF | Not every attack needs to break the system; sometimes it is enough to make the system attack itself. An SSRF vulnerability lets an attacker force the server to send internal requests, reaching hidden services, sensitive data, or even cloud keys. If the server trusts any link, it literally opens the door from the inside. #CyberSecurity #SSRF #AppSe | The content discusses how not all attacks require breaking into a system: exploiting an SSRF vulnerability can make a server send internal requests to hidden services, exposing sensitive data or cloud keys. If the server trusts any link, it essentially opens the door from within. The post emphasizes the importance of cybersecurity, the SSRF vulnerability class, and application security. |
| 2026-02-08 | SSRF | A Server-Side Request Forgery (SSRF) flaw (CVE-2026-25580) impacts Pydantic AI in its URL download handling. This could enable internal network reconnaissance. #PydanticAI #SSRF #infosec pulsepatch.io/posts/cve-2026 | The Pydantic AI software is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-25580) in its URL download feature, potentially allowing internal network reconnaissance. This flaw poses a security risk and falls under the realm of information security (#infosec). For more details, visit pulsepatch.io/posts/cve-2026. |
| 2026-02-06 | XSS | DOM Invader | The content provided is a link to a webpage or resource related to "DOM Invader." No further details or information are given in the content. |
| 2026-02-05 | SSRF | Vulristics 1.0.11 released: SSRF added as a dedicated vulnerability type (sev 0.87) replacing the old Command Injection mapping and simplifying classification; new anvil forge icon for reports. #Vulristics #SSRF t.me/avleonovcom/16Ipic.x.com/GPY6oLxYT66 | Vulristics 1.0.11 update introduces SSRF as a new vulnerability type with a severity rating of 0.87, replacing Command Injection mapping for easier classification. The release also includes a new anvil forge icon for reports. The update aims to simplify vulnerability classification and reporting. #Vulristics #SSRF. |
| 2026-02-05 | SSRF | Warning: The AI agent automation platform #AutoGPT contains 3 #critical vulnerabilities including insecure functions causing #SSRF and resource exhaustion. #PoC is available (bypassing URL filter). Details and PoC available at: github.com/Significant-Gr #Patch #Patch #Patch | The AI agent automation platform #AutoGPT has 3 critical vulnerabilities, leading to SSRF and resource exhaustion due to insecure functions. A proof of concept (PoC) is accessible, bypassing URL filters. More information and the PoC are available on github.com/Significant-Gr. Urgent patching is recommended to address these vulnerabilities. |
| 2026-02-05 | SSRF | @Tech_girlll There is maybe #SSRF | The content suggests the presence of Server-Side Request Forgery (SSRF) on the Twitter account @Tech_girlll. The hashtag #SSRF is used to indicate this potential security vulnerability. The link provided seems to lead to further information or resources related to SSRF. |
| 2026-02-05 | SSRF | Uh oh looks like n8n had a lil' oopsie with their S3 node! An SSRF vulnerability meant secrets could spill. Update your n8n like it's hot sauce on your ramen! Details here:github.com/n8n-io/n8n/sec5 #n8n #SSRF #CyberSecurity #PatchNow | n8n encountered an SSRF vulnerability in their S3 node, potentially exposing secrets. Users are advised to update their n8n to address the issue promptly. More information can be found at github.com/n8n-io/n8n/sec5. The importance of cybersecurity and the need to patch the vulnerability immediately are emphasized. |
| 2026-02-04 | SSRF | CISA warns of five-year-old GitLab flaw exploited in attacks | CISA has issued a warning about a five-year-old vulnerability in GitLab that is being exploited in attacks. The flaw poses a security risk and has been actively targeted by threat actors. Organizations using GitLab are advised to update their systems to protect against potential exploitation. |
| 2026-02-04 | SSRF | CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks | CISA issued a warning about a SSRF vulnerability in GitLab Community and Enterprise Editions being exploited in attacks. The vulnerability allows attackers to send unauthorized requests from the server, potentially leading to data breaches or server compromise. Users of GitLab should be vigilant and apply any available patches or updates to mitigate the risk of exploitation. |
| 2026-02-04 | SSRF | CISA Warns of Actively Exploited GitLab SSRF Vulnerability in Community and Enterprise Editions | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited Server-Side Request Forgery (SSRF) vulnerability in both the Community and Enterprise editions of GitLab. The vulnerability poses a risk of exploitation by threat actors. Users of GitLab are advised to update their systems promptly to mitigate the security threat. |
| 2026-02-04 | SSRF | CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious Server-Side Request Forgery (SSRF) vulnerability in GitLab Community and Enterprise editions that is being actively exploited. This vulnerability could allow attackers to send unauthorized requests from the server, potentially leading to data breaches or server compromise. Organizations using GitLab are advised to update to the latest version to patch this vulnerability and enhance their security posture. |
| 2026-02-04 | XSS | Foxit PDF Editor XSS Flaws Patched In February 2026 | In February 2026, Foxit PDF Editor addressed and patched XSS (cross-site scripting) vulnerabilities. The flaws were identified and fixed to enhance the security of the software. This action aimed to prevent potential exploitation of these vulnerabilities by malicious actors. |
| 2026-02-03 | SSRF | SSRF vulnerability TRIAGED Server-Side Request Forgery leading to cloud metadata exposure and potential instance compromise. Responsible disclosure in progress. #BugBounty #SSRF #CloudSecurity #InfoSec #bugcrowd pic.x.com/PR0wU6fOk2 | A Server-Side Request Forgery (SSRF) vulnerability has been identified, potentially exposing cloud metadata and compromising instances. The issue is being responsibly disclosed. The vulnerability poses a risk to cloud security and is being addressed through bug bounty programs. #BugBounty #SSRF #CloudSecurity #InfoSec #bugcrowd. |
| 2026-02-03 | XSS | Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript | The Foxit PDF Editor has vulnerabilities that allow attackers to execute arbitrary JavaScript. This security flaw can be exploited by malicious actors to run unauthorized code within PDF documents, potentially leading to harmful consequences. Users of Foxit PDF Editor should be cautious and consider updating their software to protect against these vulnerabilities. |
| 2026-02-03 | XSS | Foxit PDF Editor Vulnerability Allows Attackers to Execute Arbitrary JavaScript | A vulnerability in Foxit PDF Editor enables attackers to execute arbitrary JavaScript. This flaw poses a security risk as it allows malicious actors to run code on affected systems. Users of Foxit PDF Editor should be cautious and consider updating their software to protect against potential attacks exploiting this vulnerability. More details can be found at the provided link. |
| 2026-02-02 | SSRF | Step 1: The Initial Foothold I found that Apigee could be configured to point to ANY backend of my choice making it a built-in #SSRF. I then pointed it towards the internal metadata endpoint and extracted its service account tokens. | The content discusses exploiting Apigee's configuration to direct it to any backend, creating a Server-Side Request Forgery (#SSRF) vulnerability. By pointing it to the internal metadata endpoint, the author extracted service account tokens. This process is outlined as Step 1 in gaining an initial foothold. |
| 2026-02-02 | SSRF | A Discourse SSRF protection bypass (CVE-2025-68662) has been identified due to hostname matching issues. This flaw could enable access to internal network resources. #Discourse #SSRF #infosec pulsepatch.io/posts/cve-2025 | A vulnerability (CVE-2025-68662) in Discourse's SSRF protection was discovered due to hostname matching problems, potentially allowing unauthorized access to internal network resources. This issue poses a security risk and has implications for information security. More details can be found at pulsepatch.io/posts/cve-2025. |
| 2026-02-02 | SSRF | Yay I was awarded a $ $$$ bounty on @Hacker0x01! hackerone.com/drak3hft7 #TogetherWeHitHarder #bugbountytips Always try to reach internal resources. #ssrf pic.x.com/ozNnHGo1mN | The content mentions receiving a bounty on HackerOne, emphasizing the importance of trying to access internal resources for bug bounty tips. It also includes a reference to Server-Side Request Forgery (SSRF) and a link. The post celebrates the bounty reward and encourages others to aim for similar success. |
| 2026-01-29 | SSRF | This study found that despite comparable injury severity scores obese patients had lower rates of lung injuries but had higher rates of respiratory complications including ARDS PE and unplanned-reintubation following SSRF. #SSRF #obesity #respiratory complication pic.x.com/op1zGxAFOs | A study revealed that obese patients with similar injury severity scores had lower lung injury rates but higher respiratory complications like ARDS, PE, and unplanned reintubation after SSRF. This suggests a potential link between obesity and increased respiratory issues post-injury. The study highlights the importance of monitoring and managing respiratory complications in obese patients undergoing SSRF procedures. #SSRF #obesity #respiratorycomplications. |
| 2026-01-29 | IDOR | How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs) 🤖🔍 | The content titled "How I Made Burp Suite My IDOR-Finding Robot Butler (And Found 20+ Bugs)" likely discusses utilizing the Burp Suite tool to automate the discovery of Insecure Direct Object Reference (IDOR) vulnerabilities, leading to the identification of over 20 bugs. The author shares their experience and strategies for leveraging Burp Suite effectively in bug hunting. The content may provide insights into the process of using automation tools for security testing and the successful outcomes achieved through this approach. |
| 2026-01-28 | SSRF | Squidex has an SSRF vulnerability (CVE-2026-24736) in its webhook configuration. Review network egress and webhook validation #Squidex #SSRF #infosec pulsepatch.io/posts/cve-2026 | Squidex has an SSRF vulnerability (CVE-2026-24736) in its webhook setup. It is advised to examine network egress and validate webhooks to address this issue. This information is shared on pulsepatch.io/posts/cve-2026. #Squidex #SSRF #infosec |
| 2026-01-27 | XSS | XSS in Live Preview Microsoft VS Code Extension with 11M Downloads | The content discusses a Cross-Site Scripting (XSS) vulnerability found in the Live Preview feature of a popular Microsoft VS Code Extension with 11 million downloads. The vulnerability could potentially allow attackers to execute malicious scripts on users' systems. It highlights the importance of addressing security flaws in widely used software to prevent exploitation by malicious actors. |
| 2026-01-26 | SSRF | WebHackDiaries Part 4: SSRF. Just completed the SSRF labs on PortSwigger Web Security Academy. Key lesson: SSRF isn't about URLs, it's about broken trust boundaries. On to the next labs. #WebHackDiaries #SSRF #PortSwigger #WebSecurity #BugBounty #CyberSecuripic.x.com/RgANMeoaW2aW2 | The content discusses completing SSRF labs on PortSwigger Web Security Academy, emphasizing that SSRF is about broken trust boundaries, not just URLs. The focus is on learning and moving on to the next labs. Key hashtags include #WebHackDiaries, #SSRF, #PortSwigger, #WebSecurity, #BugBounty, and #CyberSecuri. The post includes a link to a picture. |
| 2026-01-26 | SSRF | Just published a blog about a not well documented azure endpoint osquery.net/unknown-azure- #bugbountytips #SSRF | A new blog post has been published discussing an undocumented Azure endpoint. The post can be found at osquery.net/unknown-azure- and covers information related to bug bounty tips and SSRF. The content highlights insights and details about the Azure endpoint that may not be widely known. The blog post aims to provide valuable information for bug bounty hunters and those interested in security research. |
| 2026-01-26 | XSS | Brakeman's Static Vigilance: Securing Ruby on Rails from Code to Cloud | The content discusses Brakeman's Static Vigilance, a tool for securing Ruby on Rails applications from code to cloud. It emphasizes the importance of using Brakeman to detect security vulnerabilities in Ruby on Rails projects and ensure secure deployment to cloud environments. By utilizing Brakeman's static analysis capabilities, developers can proactively identify and address potential security risks in their applications, enhancing their overall security posture. The tool serves as a valuable asset in safeguarding Ruby on Rails applications throughout the development and deployment process. |
| 2026-01-22 | SSRF | This study found that despite comparable injury severity scores obese patients had lower rates of lung injuries but had higher rates of respiratory complications including ARDS PE and unplanned-reintubation following SSRF. #SSRF #obesity #respiratory complication pic.x.com/5XH9pEB0t9 | A study revealed that obese patients with comparable injury severity scores had lower rates of lung injuries but higher rates of respiratory complications like ARDS, PE, and unplanned-reintubation after SSRF. This highlights a potential link between obesity and increased respiratory issues post-injury. The study emphasizes the importance of considering obesity as a factor in managing respiratory complications following traumatic injuries. |
| 2026-01-22 | XSS | Foxit Epic Games Store MedDreams vulnerabilities | The content mentions vulnerabilities found in Foxit, Epic Games Store, and MedDreams. It appears to be a brief mention or reference to potential security flaws or weaknesses in these platforms. For more detailed information, it is recommended to access the provided link for further details on the specific vulnerabilities identified in these systems. |
| 2026-01-22 | SSRF | Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments | Critical vulnerabilities in Chainlit AI allow hackers to take control of cloud environments, posing a significant security risk. These vulnerabilities could potentially lead to unauthorized access, data breaches, and other malicious activities within cloud systems. It is crucial for organizations using Chainlit AI to promptly address these vulnerabilities to prevent exploitation by cyber attackers. |
| 2026-01-22 | XSS | Testing for reflected XSS manually with Burp Suite | The content discusses how to manually test for reflected cross-site scripting (XSS) vulnerabilities using Burp Suite, a popular web application security testing tool. By utilizing Burp Suite, security professionals can identify and exploit XSS vulnerabilities in web applications to enhance their security posture. Manual testing allows for a more thorough examination of potential vulnerabilities compared to automated tools. This process involves sending crafted payloads to the application and analyzing the responses to detect any XSS vulnerabilities. By following these steps, security testers can effectively identify and mitigate XSS risks in web applications. |
| 2026-01-21 | XSS | Testing for stored XSS with Burp Suite | The content discusses using Burp Suite to test for stored Cross-Site Scripting (XSS) vulnerabilities. Burp Suite is a popular web application security testing tool that helps identify and exploit security issues. Stored XSS occurs when malicious scripts are stored on a website and executed when viewed by other users. By using Burp Suite, security professionals can scan web applications for stored XSS vulnerabilities, helping to identify and mitigate potential security risks. Testing for stored XSS is crucial to prevent attackers from injecting harmful scripts into websites and compromising user data. |
| 2026-01-21 | SSRF | Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs | The Chainlit AI framework has vulnerabilities that can lead to data theft through file read and Server-Side Request Forgery (SSRF) bugs. These flaws allow attackers to access sensitive information and potentially compromise the security of the system. It is crucial for users of the Chainlit AI framework to be aware of these vulnerabilities and take necessary precautions to mitigate the risks associated with them. |
| 2026-01-21 | SSRF | Tenable Discovers SSRF Vulnerability in Java TLS Handshakes That Creates DoS Risk | Tenable has identified a Server-Side Request Forgery (SSRF) vulnerability in Java TLS handshakes, posing a risk of Denial of Service (DoS) attacks. This vulnerability could potentially allow attackers to manipulate TLS handshakes, leading to service disruptions. It emphasizes the importance of addressing security flaws in Java implementations to prevent exploitation and maintain system integrity. |
| 2026-01-20 | SSRF | [Rabbit Store] JWT Manipulation SSRF SSTI and Root Access via a Vulnerable Erlang Distribution on RabbitMQ Link: osintteam.blog/rabbit-store-j #jwt #ssrf #ssti #erlang #rabbitmq pic.x.com/j10mRySsKG | The content discusses vulnerabilities in RabbitMQ, specifically JWT manipulation, SSRF, SSTI, and root access due to a vulnerable Erlang distribution. The post highlights the risks associated with these vulnerabilities and provides a link for further details. The focus is on the security implications of these issues and their potential impact on systems using RabbitMQ. |
| 2026-01-19 | XSS | Bypassing XSS filters by enumerating permitted tags and attributes | The content discusses bypassing XSS filters by identifying allowed HTML tags and attributes. By understanding the restrictions imposed by filters, attackers can craft malicious payloads that exploit vulnerabilities in the filtering mechanism. This technique involves enumerating the permitted tags and attributes to evade detection and execute cross-site scripting attacks. Understanding the limitations of the filter helps attackers manipulate the input to inject malicious scripts. By exploiting these vulnerabilities, attackers can circumvent security measures and compromise the target system. |
| 2026-01-19 | XSS | Researchers hack malware gang via its own weak spot | Researchers successfully infiltrated a malware gang by exploiting a vulnerability within the gang's own operations. This strategic move allowed the researchers to gain access to the gang's infrastructure and disrupt their malicious activities. By taking advantage of the gang's weak spot, the researchers were able to gain valuable insights into the gang's operations and potentially prevent future cyber attacks. |
| 2026-01-19 | XSS | StealC malware control panel flaw leaks details on active attacker | The StealC malware control panel has a flaw that exposes information about an active attacker. This vulnerability could potentially compromise the attacker's identity or activities. It is crucial for security experts to address this issue promptly to prevent further exploitation of the flaw and mitigate potential risks associated with the leaked details. |
| 2026-01-19 | SSRF | Here's a 20% Discount Coupon BRLJAN20 For the ebooks: = First #Bounty = #SSRF Mastery - Fundamentals = The Brute Art of #Bypass Encourage independent work in #cybersecurity. brutelogic.net | Get a 20% discount on cybersecurity ebooks like "First #Bounty," "#SSRF Mastery - Fundamentals," and "The Brute Art of #Bypass" using the coupon code BRLJAN20 at brutelogic.net. This offer aims to support independent work in cybersecurity. |
| 2026-01-19 | SSRF | Testing for SSRF with Burp Suite | The content discusses using Burp Suite, a popular web application security testing tool, to test for Server-Side Request Forgery (SSRF) vulnerabilities. SSRF allows attackers to send crafted requests from the server to other internal systems, potentially leading to data leaks or unauthorized access. Burp Suite can help identify and mitigate SSRF vulnerabilities by intercepting and modifying requests, analyzing responses, and identifying potential SSRF points of entry. By utilizing Burp Suite's features effectively, security professionals can enhance their SSRF testing capabilities and strengthen the security posture of web applications. |
| 2026-01-19 | XSS | Researchers Exploit Bug in StealC Infostealer to Collect Evidence | Researchers have discovered a bug in the StealC Infostealer malware and used it to collect evidence. This bug exploitation helps in understanding how the malware operates and can aid in developing countermeasures against it. By studying the vulnerability, researchers can gain insights into the tactics and techniques used by cybercriminals, ultimately enhancing cybersecurity defenses. |
| 2026-01-19 | XSS | Critical XSS Vulnerability in StealC Malware Admin Panel Allows Researchers to Infiltrate and Monitor Threat Actor Operations | A critical XSS vulnerability in the StealC malware admin panel has been discovered, enabling researchers to infiltrate and monitor threat actor operations. This vulnerability allows for unauthorized access and surveillance of malicious activities. Researchers can exploit this flaw to gain insights into the operations of threat actors using the StealC malware. This discovery highlights the importance of addressing security vulnerabilities promptly to prevent unauthorized access and monitor malicious activities effectively. |
| 2026-01-19 | XSS | Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations | A security bug in the StealC malware panel allowed researchers to spy on threat actor operations. This vulnerability enabled the researchers to gain insights into the activities and operations of malicious actors using the StealC malware. By exploiting this bug, the researchers were able to monitor and track the actions of threat actors, providing valuable intelligence on their tactics and strategies. This discovery highlights the importance of identifying and addressing security vulnerabilities to prevent unauthorized access and surveillance of malicious activities. |
| 2026-01-19 | IDOR | TrinetLayer | TrinetLayer is a proven tool used by hackers for vulnerability research, real-world exploit payloads, and modern attack techniques. It is trusted within the hacking community for its effectiveness and reliability. |
| 2026-01-18 | SSRF | Testing for blind SSRF with Burp Suite | The content discusses using Burp Suite to test for blind Server-Side Request Forgery (SSRF). SSRF vulnerabilities allow attackers to make unauthorized requests from a server. Burp Suite, a popular web vulnerability scanner, can help identify blind SSRF by analyzing responses for indicators of SSRF attacks. Testing for blind SSRF with Burp Suite involves sending crafted requests to the target server and analyzing the responses for potential SSRF behavior. This method can help security professionals identify and mitigate SSRF vulnerabilities in web applications. |
| 2026-01-17 | SSRF | Day 16. Today was about Server Side Request Forgery. I learned how it works and very simple ways to carry it out. Solved two labs today. Also studied more on ISC's domain 1, Security principles. #100DaysOfCybersecurity #ssrf pic.x.com/MIOMpjOln8 | Day 16 focused on Server Side Request Forgery (SSRF), learning its workings and simple execution methods. The individual solved two labs and delved deeper into ISC's domain 1 on security principles. The day's activities were part of the #100DaysOfCybersecurity challenge. |
| 2026-01-17 | SSRF | SSRF is still one of the most dangerous web bugs Built & open sourced SSRFHunter: Cloud metadata payloads GraphQL & WebSocket vectors Advanced bypass techniques Automation for real-world testing Repgithub.com/BotGJ16/SSRFHuwRNSBN #BugBounty #SSRF #RedTeam #CyberSecurity | SSRF remains a dangerous web bug. SSRFHunter tool is open-sourced, focusing on cloud metadata payloads, GraphQL & WebSocket vectors, advanced bypass techniques, and automation for real-world testing. The tool is available on GitHub for Bug Bounty, Red Team, and Cybersecurity purposes. The link provided directs to the tool's repository for further exploration. |
| 2026-01-17 | XSS | Testing for DOM XSS with DOM Invader | The content discusses using a tool called DOM Invader to test for DOM-based Cross-Site Scripting (XSS) vulnerabilities. DOM XSS is a type of security issue where client-side scripts manipulate the Document Object Model (DOM) in a way that can be exploited by attackers. DOM Invader is a tool that helps in identifying and testing for such vulnerabilities. By using DOM Invader, security professionals and developers can detect and address potential DOM XSS vulnerabilities in web applications, ensuring better security measures are in place to protect against malicious attacks. |
| 2026-01-17 | XSS | Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover | The content discusses critical Cross-Site Scripting (XSS) vulnerabilities found in Meta Conversion API that allow attackers to take over accounts without any user interaction, known as Zero-Click Account Takeover. These vulnerabilities pose a significant security risk and highlight the importance of addressing XSS issues promptly to prevent unauthorized access to user accounts. |
| 2026-01-17 | XSS | Exploiting XSS in Meta Conversion API for Zero-Click Account Takeover | The content discusses exploiting Cross-Site Scripting (XSS) vulnerabilities in Meta Conversion API to achieve a Zero-Click Account Takeover. The article likely provides insights into how attackers can leverage XSS flaws in the API to compromise user accounts without any interaction required from the victim. This type of attack can be highly dangerous as it allows malicious actors to gain unauthorized access to accounts easily. The link provided likely offers more in-depth information on this security issue and its implications. |
| 2026-01-16 | XSS | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability (CVE-2026-20076) | The content discusses a vulnerability in Cisco Identity Services Engine (ISE) known as Stored Cross-Site Scripting (XSS) with the CVE identifier CVE-2026-20076. This vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access or data theft. Organizations using Cisco ISE are advised to apply relevant security patches and updates to mitigate this risk. |
| 2026-01-16 | Burp Suite | Included Skills: burpsuite-project-parser - Search/extract data from Burp Suite projects; differential-review - Security-focused differential review of code changes | The content discusses two included skills: searching/extracting data from Burp Suite projects and conducting a security-focused differential review of code changes. These skills are valuable for individuals involved in cybersecurity or software development. The link provided likely offers more detailed information on these skills. |
| 2026-01-16 | XSS | StealC hackers hacked as researchers hijack malware control panels | Researchers successfully took control of malware control panels used by the StealC hacking group. By hijacking these control panels, the researchers were able to disrupt the hackers' operations and potentially gather valuable intelligence on their activities. This action demonstrates a proactive approach to cybersecurity, where researchers actively engage with cyber threats to mitigate their impact. The incident highlights the ongoing battle between cybersecurity professionals and malicious actors in the digital landscape. |
| 2026-01-16 | SSRF | #SSRF hxxs://citizen.gov.gh/_next/image?w=16&q=10&url=hxxps://xxxxxxx.oast.live hxxps://https://ift.tt/ewbARxD | The content mentions a potential Server-Side Request Forgery (SSRF) vulnerability involving URLs pointing to citizen.gov.gh and other suspicious domains like oast.live and ift.tt. The presence of SSRF could allow attackers to manipulate server requests and potentially access sensitive information. It is crucial to address and mitigate such vulnerabilities to protect the security of the system and prevent unauthorized access. |
| 2026-01-15 | XSS | CISA's secure-software buying tool had a simple XSS vulnerability of its own | CISA's secure-software buying tool was found to have a basic XSS vulnerability. This vulnerability could potentially compromise the security of the tool. It highlights the importance of thorough security testing and measures in software development, even for tools designed to enhance security. Regular security assessments and updates are crucial to prevent such vulnerabilities from being exploited by malicious actors. |
| 2026-01-15 | SSRF | Serverless Security Risks 2026: Mitigating Identity & SSRF RCE Threats | The content discusses serverless security risks in 2026, focusing on mitigating identity and SSRF RCE threats. It highlights the importance of addressing these specific vulnerabilities to enhance the security of serverless environments. The content likely provides insights, strategies, or best practices for organizations to protect their serverless applications from potential risks related to identity management and SSRF RCE attacks. |
| 2026-01-15 | SSRF | This study found that, despite comparable injury severity scores, obese patients had lower rates of lung injuries but had higher rates of respiratory complications, including ARDS, PE and unplanned reintubation, following SSRF. #SSRF #obesity #respiratory complication pic.x.com/FiKycHe4Np | A study discovered that obese patients with similar injury severity scores had lower rates of lung injuries but higher rates of respiratory complications like ARDS, PE, and unplanned reintubation after SSRF. This highlights the impact of obesity on respiratory outcomes post-injury. #SSRF #obesity #respiratorycomplications. |
| 2026-01-14 | SSRF | Elastic Patches Multiple Vulnerabilities Enabling Arbitrary File Theft and DoS Attacks | The content discusses Elastic's recent patching of multiple vulnerabilities that could allow for arbitrary file theft and denial-of-service (DoS) attacks. The vulnerabilities were identified and addressed to prevent potential exploitation by malicious actors. Elastic took proactive measures to secure their systems and protect users from these security risks. The patches aim to enhance the overall security of Elastic's platform and prevent unauthorized access or disruptions. Users are advised to update their systems promptly to ensure they are protected against these vulnerabilities. |
| 2026-01-14 | SSRF | FortiSandbox SSRF Vulnerability Allows Attackers to Proxy Internal Traffic via Crafted HTTP Requests | The FortiSandbox SSRF vulnerability enables attackers to proxy internal traffic by sending specially crafted HTTP requests. This vulnerability poses a risk as attackers can exploit it to manipulate internal traffic flow. More details can be found at https://cyberpress.org/fortisandbox-ssrf-vulnerability/. |
| 2026-01-14 | SSRF | . df March-Phillipps led 32 men on the raid conducted on the island of Fernando Po Spanish Guinea: 11 commandos four agents and 17 local volunteers. He and his commandos were members of SOE's No. 62 Commando. #62Commando #SSRF #SOE #WW2 2/7 | During World War II, df March-Phillipps led a raid on the island of Fernando Po, Spanish Guinea with 32 men, including 11 commandos, four agents, and 17 local volunteers. They were members of SOE's No. 62 Commando. The operation was significant in the context of wartime activities. |
| 2026-01-13 | SSRF | Data theft SSRF intrusions likely with critical Apache Struts 2 bug | A critical Apache Struts 2 bug has the potential to lead to data theft and Server-Side Request Forgery (SSRF) intrusions. This vulnerability could allow attackers to exploit the system, potentially resulting in unauthorized access to sensitive information. Organizations using Apache Struts 2 should be aware of this issue and take necessary precautions to mitigate the risk of data breaches and unauthorized access. |
| 2026-01-13 | SSRF | Critical Apache Struts 2 Vulnerability Allows Attackers to Steal Sensitive Data | A critical vulnerability in Apache Struts 2 has been identified, enabling attackers to steal sensitive data. The flaw poses a significant risk to systems using this framework, potentially leading to data breaches and unauthorized access. Organizations utilizing Apache Struts 2 are advised to promptly apply patches or updates to mitigate the vulnerability and enhance their cybersecurity defenses. Vigilance and proactive measures are crucial to safeguard sensitive information and prevent exploitation by malicious actors. |
| 2026-01-13 | SSRF | FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests | The content discusses a vulnerability in FortiSandbox that allows attackers to proxy internal traffic using specially crafted HTTP requests. This Server-Side Request Forgery (SSRF) vulnerability can be exploited by attackers to manipulate the server into making requests to internal systems, potentially leading to unauthorized access or data leakage. It is crucial for FortiSandbox users to be aware of this vulnerability and take necessary precautions to prevent exploitation by malicious actors. |
| 2026-01-13 | XSS | Lack of isolation in agentic browsers resurfaces old vulnerabilities | The content discusses how the lack of isolation in agentic browsers has led to the resurgence of old vulnerabilities. This issue highlights the importance of maintaining strong isolation measures within browsers to prevent security breaches and protect user data. By addressing these vulnerabilities and implementing proper isolation techniques, browser developers can enhance security and safeguard against potential threats. |
| 2026-01-13 | SSRF | WP Migrate Lite 2.7.6 suffers from a Blind SSRF (SSRF) that allows unauthenticated external requests. CVSS 5.8 (medium). Fix: update to 2.7.7 or later. #WordPress #Seguridad #SSRF t.me/vulnerabilityw | WP Migrate Lite version 2.7.6 has a Blind SSRF vulnerability allowing external requests without authentication, rated CVSS 5.8 (medium). The solution is to update to version 2.7.7 or higher. This security issue is related to WordPress and SSRF. Stay informed about vulnerabilities at t.me/vulnerabilityw. |
| 2026-01-13 | XSS | New Angular Vulnerability Enables an Attacker to Execute Malicious Payload | A new vulnerability in Angular allows attackers to execute malicious payloads. This vulnerability poses a security risk as it can be exploited by attackers to compromise systems running Angular applications. It is crucial for users and developers to be aware of this issue and take necessary precautions to mitigate the risk of exploitation. Stay informed about security updates and patches released by Angular to protect against potential attacks leveraging this vulnerability. |
| 2026-01-13 | XSS | New Angular Vulnerability Enables Attackers to Execute Malicious Payloads | A new vulnerability in Angular allows attackers to execute malicious payloads. This security flaw poses a risk as it can be exploited by cybercriminals to compromise systems using Angular. Organizations using Angular should be aware of this vulnerability and take necessary precautions to protect their systems from potential attacks. It is crucial to stay informed about security threats and promptly apply patches or updates to mitigate the risk of exploitation. |
| 2026-01-13 | XSS | New Angular Vulnerability Allows Attackers to Execute Malicious Payloads | A new vulnerability in Angular has been discovered, enabling attackers to execute malicious payloads. This security flaw poses a risk to systems using Angular, potentially allowing unauthorized code execution. Organizations using Angular should be vigilant and apply patches or updates to mitigate this vulnerability. It is crucial to stay informed about security risks and promptly address any vulnerabilities to protect systems and data from exploitation by malicious actors. |
| 2026-01-13 | SSRF | New Writeup Alert! "Bypassing SSRF Protections: A $10000 Lesson from Slack" by Abhishek Meena is now live on IW! Check it out here infosecwriteups.com/6cff022a44a6OE #infosec #bugbountytips #ssrf #hacking #bugbounty | The content announces a new writeup titled "Bypassing SSRF Protections: A $10,000 Lesson from Slack" by Abhishek Meena on IW. It discusses bypassing SSRF protections and shares insights from a Slack-related incident. The writeup is available at the provided link. It covers topics related to information security, bug bounty tips, SSRF, hacking, and bug bounty programs. The content aims to provide valuable lessons and knowledge in the cybersecurity field. |
| 2026-01-12 | SSRF | Attackers Targeting LLMs In Widespread Campaign | The content discusses a widespread campaign where attackers are targeting LLMs (Large Language Models). The details of the attack and specific methods used are not provided in the summary. |
| 2026-01-12 | SSRF | Hackers Exploit SSRF Flaws for Free Access to OpenAI, Anthropic LLMs | Hackers are taking advantage of Server-Side Request Forgery (SSRF) vulnerabilities to gain unauthorized access to OpenAI and Anthropic Large Language Models (LLMs). This exploitation allows hackers to access these powerful AI models for free. SSRF flaws are being targeted by cybercriminals to bypass security measures and exploit valuable resources. The unauthorized access to these LLMs poses a significant risk to data security and privacy. It is crucial for organizations to address and patch SSRF vulnerabilities to prevent such unauthorized access and protect sensitive information. |
| 2026-01-12 | SSRF | Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data | A critical vulnerability in Apache Struts 2 has been identified, allowing attackers to potentially steal sensitive data. The flaw poses a significant security risk and could lead to data breaches if exploited. Users of Apache Struts 2 are advised to update their systems immediately to patch the vulnerability and prevent potential attacks. Vigilance and prompt action are crucial to safeguard sensitive information and protect against unauthorized access. |
| 2026-01-11 | SSRF | 3/ The Lesson: Never trust a URL after you've checked it. Pin the IP or use a whitelist. Full write-up coming soon on my Medium! Stay tuned. #SSRF #HackingTips | The content emphasizes the importance of not trusting a URL after checking it, suggesting to pin the IP or use a whitelist for security. A detailed write-up on this topic will be available soon on the author's Medium platform. The post mentions the hashtags #SSRF and #HackingTips, indicating a focus on security and hacking-related advice. Stay tuned for more information. |
| 2026-01-09 | XSS | OWASP CRS Vulnerability Enables Charset Validation Bypass | The content discusses a vulnerability in the OWASP CRS (Core Rule Set) that allows attackers to bypass charset validation. This vulnerability could potentially be exploited by malicious actors to evade security measures and launch attacks. It highlights the importance of addressing and patching vulnerabilities promptly to enhance cybersecurity defenses and protect systems from potential threats. |