#ssrf
#ssrf

[ follow ]

CISA: Oracle vulnerability is being actively exploited

CISA added CVE-2025-61884 (SSRF in Oracle Configurator) to its actively exploited list and mandated patches for US agencies by November 10, 2025.

Information security

fromThe Hacker News

1 week ago

Five New Exploited Bugs Land in CISA's Catalog - Oracle and Microsoft Among Targets

CISA confirmed CVE-2025-61884 SSRF in Oracle E-Business Suite is being exploited in the wild and added it to the KEV catalog.

fromThe Hacker News

1 month ago

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to compromise a target system by injecting a specially crafted HTML iframe element.

Information security

fromThe Hacker News

6 months ago

How Breaches Start: Breaking Down 5 Real Vulns

Even minor vulnerabilities can lead to major breaches if exploited by skilled attackers.

[ Load more ]

#ssrf#ssrf

CISA: Oracle vulnerability is being actively exploited

Five New Exploited Bugs Land in CISA's Catalog - Oracle and Microsoft Among Targets

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

How Breaches Start: Breaking Down 5 Real Vulns

#ssrf
#ssrf