Cisco Unified CM CVE-2026-20230: SSRF to Root PoC

🔴 Critical | Source: The Hacker News

Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent. ...

4 June 2026 · ZX Cloud Security

CVE-2020-8561: Kubernetes Webhook Redirect Flaw in AKS

🟡 Medium | Source: Microsoft Security Response Center

CVE-2020-8561 is a vulnerability in the Kubernetes API server (kube-apiserver) that allows an attacker to redirect webhook traffic, potentially enabling server-side request forgery (SSRF) against internal network resources. By manipulating admission webhook configurations, a malicious actor could cause the API server to make requests to arbitrary internal endpoints, bypassing network controls. This affects Azure Kubernetes Service (AKS) and any Kubernetes environment where untrusted users can modify webhook configurations. ...

3 June 2026 · ZX Cloud Security