CVE-2024-51981 – Apache SOAP SSRF/HTTP Request Smuggling

June 25, 2025

CVE ID : CVE-2024-51981

Published : June 25, 2025, 8:15 a.m. | 2 hours, 42 minutes ago

Description : An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-51982 – HP Printer PJL Variable FORMLINES Denial of Service

Next Article CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

Highlights

CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

May 11, 2025

CVE ID : CVE-2025-4531

Published : May 11, 2025, 6:15 a.m. | 23 minutes ago

Description : A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOTWEB-INFclassescomourswwwehrsalaryservicedataEhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2024-51981 – Apache SOAP SSRF/HTTP Request Smuggling

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

10 Best Text Expanders for Windows (And Why SmartText Tops the List)

Google’s Giving Free AI Tools and 2TB Storage to Students till 2026 – Here’s how you can avail it

CVE-2024-53026 – Nokia IMS RTCP Packet Information Disclosure Vulnerability

CVE-2025-47445 – Eventin Path Traversal Vulnerability

CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

What’s the mysterious Windows 11 ‘inetpub’ folder? Microsoft says you shouldn’t delete it.

Here’s How to Enable AI Actions in File Explorer in Windows 11

Microsft says Windows Hello no longer works in the dark, and it’s NOT a bug

CVE-2024-51981 – Apache SOAP SSRF/HTTP Request Smuggling

Related Posts