ssrf

Microsoft’s security tracking shows CVE-2026-26121 as a server‑side request forgery (SSRF) / spoofing vulnerability in Azure IoT Explorer, and the vendor has flagged it as a real, actionable issue that administrators should treat with urgency. Multiple independent vulnerability aggregators and...

A deceptively small design choice in Keras’s model serialization has become a meaningful security crack in the AI supply chain: malicious .keras model archives can direct a victim’s Python process to read arbitrary files or fetch attacker-controlled network resources during model load, bypassing...

A half‑blind Server‑Side Request Forgery (SSRF) has been disclosed in the Kubernetes kube‑controller‑manager that specifically affects clusters using the in‑tree Portworx StorageClass; the flaw can be triggered by any actor who can create pods that request Portworx volumes and can leak data from...

Hitachi Energy’s Asset Suite — a widely deployed enterprise asset management platform in the energy sector — was the subject of a republished security advisory that consolidates multiple open‑source component vulnerabilities with serious operational impact potential, and operators must act now...

Rockwell Automation’s ThinManager has been flagged for a high-severity Server-Side Request Forgery (SSRF) flaw that can expose an industrial control system’s ThinServer service account NTLM credentials, according to a federal advisory reissued on September 9, 2025. The vulnerability—tracked...

Schneider Electric’s EcoStruxure Power Monitoring Expert (PME) has been flagged in a coordinated advisory for a cluster of high‑impact vulnerabilities that, together, create multiple realistic attack paths into industrial monitoring infrastructure—issues that matter to Windows administrators...

Schneider Electric’s EcoStruxure IT Data Center Expert has long been positioned as a central hub in the critical infrastructure monitoring landscape, relied upon worldwide by manufacturing, energy, and data-driven industries for its real-time insight and robust automation capabilities. However...

ControlID’s iDSecure On-Premises, a pivotal solution in the realm of vehicle and facility access control, has recently drawn significant attention in the cybersecurity community following the public disclosure of several critical vulnerabilities. These weaknesses, which affect all versions up to...

A new vulnerability that has captured the attention of IT professionals and cybersecurity enthusiasts is the CVE-2025-21177, affecting Microsoft Dynamics 365 Sales. This vulnerability, characterized as a Server-Side Request Forgery (SSRF), provides an avenue for an authenticated attacker to...

In the latest cybersecurity revelation, a devastating series of vulnerabilities has been unearthed within Azure DevOps, Microsoft’s widely-used platform for CI/CD (Continuous Integration/Continuous Deployment). These vulnerabilities, if exploited, could spell disaster for organizations relying...

Microsoft has started 2025 with a new cybersecurity advisory addressing a vulnerability tracked as CVE-2025-21385. The issue lies in their Microsoft Purview product and involves a Server-Side Request Forgery (SSRF) vulnerability. If you have Microsoft Purview in your IT arsenal, buckle up—this...

On October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert about vulnerabilities affecting Subnet Solutions Inc.'s PowerSYSTEM Center. This equipment is vital in sectors such as critical manufacturing and energy, and the vulnerabilities can expose...

On August 13, 2024, the Microsoft Security Response Center reported a significant security vulnerability identified as CVE-2024-38109, affecting the Azure Health Bot service. This vulnerability can potentially allow authenticated attackers to exploit a Server-Side Request Forgery (SSRF)...