#jobs #incident #vulnerability #patch-management #security-tools #ai #detection-engineering #exploit #breach #malware #ransomware #phishing #cloud #zero-day #authentication
Articles tagged with: #ssrf Clear filter
Oracle EBS CVE-2025-61882

Oracle EBS CVE-2025-61882

cybersecurity www.reddit.com

Curious if anyone has patched this and seen a change in their webserver behavior. I was testing against my companies exposed sites that use EBS this morning, just doing the initial SSRF portion that caused the target webserver to reach out to an arbitrary external domain. I never tried to reach RCE as I don't have any infra outside the org to actually serve back the JSP/XSL that would contain the b64 encoded code to open a reverse shell. After applying the patch, the SSRF still happens exactly...

#rce #vulnerability #patch-management #ssrf
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

The Hacker News thehackernews.com

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to

#aws #cloud #vulnerability #incident #ssrf
Hitachi Energy Asset Suite

Hitachi Energy Asset Suite

All CISA Advisories www.cisa.gov

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : Asset Suite Vulnerabilities : Server-Side Request Forgery (SSRF), Deserialization of Untrusted Data, Cleartext Storage of Sensitive Information, Uncontrolled Resource Consumption, URL Redirection to Untrusted Site ('Open Redirect'), Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to trigger resource...

#vulnerability #incident #exploit #authentication #ssrf
Exploiting LFI/SSRF Vulnerabilities to Enumerate Local Linux Processes

Exploiting LFI/SSRF Vulnerabilities to Enumerate Local Linux Processes

cybersecurity www.reddit.com

Hey folks, I just wrote my first blog about an easy but often missed method to list Linux processes using LFI/SSRF-like vulnerabilities. Instead of just reading /etc/passwd , this article shows how to see which processes are running, who owns them, and the commands they're executing. It's practical and includes a one-liner exploit to demonstrate the technique. Read the full guide here: https://medium.com/@RandomFlawsFinder/escalating-lfi-ssrf-via-linux-local-processes-enumeration-e522d0ffd6df...

#vulnerability #incident #exploit #ssrf
GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks

GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks

Cyber Security News cybersecuritynews.com

GitLab has released urgent security patches for its Community (CE) and Enterprise (EE) editions, addressing multiple vulnerabilities, including two high-severity flaws that could lead to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks. The company is strongly advising all administrators of self-managed GitLab installations to upgrade immediately to the newly released versions: 18.3.2,

#vulnerability #ssrf
Rockwell Automation ThinManager

Rockwell Automation ThinManager

All CISA Advisories www.cisa.gov

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ThinManager Vulnerability : Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could expose the ThinServer service account NTLM hash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of ThinManager, a thin client management software, are affected: ThinManager:...

#vulnerability #patch-management #incident #exploit #ssrf
Collaborator Everywhere v2

Collaborator Everywhere v2

Compass Security Blog blog.compass-security.com

Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks. We developed an upgrade to the existing extension with several new exiting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.

#vulnerability #ssrf
PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input

PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input

Cyber Security News cybersecuritynews.com

A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a CVSS v4.0 score of 8.7. Key Takeaways1. SSRF in PhpSpreadsheet's Worksheet\Drawing::setPath via

#vulnerability #patch-management #incident #exploit #ssrf
[Showcase/Research] I'm 15 and built a small Exploitation & C2 learning framework (Elaina-Cute)

[Showcase/Research] I'm 15 and built a small Exploitation & C2 learning framework (Elaina-Cute)

cybersecurity www.reddit.com

r/cybersecurity r/programming r/netsecstudents Hi everyone, I'm 15 years old and passionate about cybersecurity. Over the past months, I've been working on a small personal project called Elaina-Cute - an Exploitation & Command-and-Control (C2) framework made purely for learning purposes. Features (research-focused): Web & infrastructure exploitation (Web, LDAP, ADCS, WinRM, SSRF, etc.) Beacon/implant management over HTTP(S) TOR & Burp Suite integration for attack chains PyQt5 GUI + CLI Basic...

#security-tools #incident #exploit #ssrf
Windows Docker Desktop Vulnerability Leads to Full Host Compromise

Windows Docker Desktop Vulnerability Leads to Full Host Compromise

Cyber Security News cybersecuritynews.com

A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3 and demonstrates how container isolation can be completely bypassed through

#vulnerability #incident #docker #container #ssrf