Skip to main content
CVE-2025-2691 HIGH POC PATCH This Week

Authentication bypass in nossrf JavaScript library (versions <1.0.4) enables Server-Side Request Forgery against internal network resources by circumventing the library's SSRF protection mechanism. Attackers can supply hostnames resolving to reserved IP ranges (RFC 1918 private addresses, loopback, link-local) to access internal services despite nossrf being deployed specifically to prevent SSRF attacks. Publicly available exploit code exists (Snyk advisory). EPSS score of 0.14% (34th percentile) indicates limited observed exploitation attempts despite POC availability, likely due to the library's niche usage pattern. No CISA KEV listing indicates targeted rather than widespread exploitation campaigns.

SSRF
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-27553 HIGH PATCH This Week

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Commons Vfs Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-29795 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Update Chrome
NVD
CVSS 3.1
7.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy