Tag
#ssrf
2 posts tagged #ssrf.
- Analysis · May 14, 2026 · Colten Anderson
Vercel shipped the framework. You're shipping the patch
CVE-2026-44578 is a CVSS 8.6 SSRF in self-hosted Next.js. The fix for 13.x and 14.x users is a major-version migration, filed against your product team as a Dependabot chore.
- Analysis · May 5, 2026 · Colten Anderson
Cl0p chained an Oracle EBS SSRF into a mass extortion campaign. Your patch window is 21 days.
CVE-2025-61884 is a pre-auth SSRF in Oracle E-Business Suite that Cl0p weaponized into a full RCE chain hitting 100+ organizations. Here's what patching EBS actually looks like under a KEV deadline.