Tencent · Tencent Blueking Cmdb · CVE-2024-22873
**Name of the Vulnerable Software and Affected Versions**
Tencent Blueking CMDB versions 3.2.x through 3.9.x
**Description**
The issue is a Server-Side Request Forgery (SSRF) in the event subscription function. It allows an attacker to make the server issue requests to internal resources by sending a crafted POST request to the "/service/subscription.go" endpoint. The event subscription function is the vulnerable component; exploitation consists of a single crafted POST request to that endpoint.
**Recommendations**
For versions 3.2.x through 3.9.x, disable the event subscription function until a patch is available. Restrict network access to the "/service/subscription.go" endpoint (for example, to trusted administrative networks only) to reduce the risk of exploitation, and do not use the event subscription function through the affected API endpoint until the issue is resolved.
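Beyond restricting who can reach the endpoint, the defensive control that removes this class of bug is an egress guard on any URL the subscription feature would call back to. The following is an added example in Go (the project's language), not code from Blueking CMDB; it assumes a hypothetical `ValidateCallbackURL` helper and a pluggable `Resolver` so the check runs offline. It rejects non-HTTP schemes, embedded credentials, and any host that is, or resolves to, a loopback, private, link-local, unspecified, or carrier-grade NAT address. The example is generic to SSRF hardening rather than specific to this CVE's request format, which the advisory does not describe.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver is a hypothetical hook so the guard can be exercised without DNS.
// In production it would wrap net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// Ranges that net.IP's own predicates do not cover but that must never be
// reachable from a server-side callback: "this network" and CGNAT space.
// Note: IPv4-mapped IPv6 (::ffff:a.b.c.d) is handled by To4() inside the
// net.IP predicates, so it must NOT be listed here (net.ParseCIDR would
// collapse ::ffff:0:0/96 to 0.0.0.0/0 and block everything).
var extraBlocked []*net.IPNet

func init() {
	for _, cidr := range []string{"0.0.0.0/8", "100.64.0.0/10"} {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			panic(err)
		}
		extraBlocked = append(extraBlocked, n)
	}
}

// isInternal reports whether an address points somewhere a callback must
// never be allowed to reach.
func isInternal(ip net.IP) bool {
	if ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast() {
		return true
	}
	for _, n := range extraBlocked {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateCallbackURL returns nil only if raw is an http(s) URL whose host
// is a public address (literal or via every resolved record). Callers should
// pin the dialer to the returned-safe IPs rather than re-resolving at
// connect time, otherwise a DNS rebinding between check and use remains.
func ValidateCallbackURL(raw string, resolve Resolver) error {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return fmt.Errorf("callback url: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("callback url: scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return errors.New("callback url: embedded credentials not allowed")
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("callback url: empty host")
	}

	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address, no lookup needed
	} else {
		if resolve == nil {
			return errors.New("callback url: no resolver configured")
		}
		ips, err = resolve(host)
		if err != nil {
			return fmt.Errorf("callback url: resolve %q: %w", host, err)
		}
	}
	if len(ips) == 0 {
		return fmt.Errorf("callback url: %q resolved to no addresses", host)
	}
	// Every record must be public; one internal answer is enough to refuse.
	for _, ip := range ips {
		if isInternal(ip) {
			return fmt.Errorf("callback url: %q resolves to internal address %s", host, ip)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a resolver that answers with a documentation-range IP.
	publicOnly := func(string) ([]net.IP, error) { return []net.IP{net.ParseIP("203.0.113.10")}, nil }
	for _, raw := range []string{"https://hook.example.com/notify", "http://127.0.0.1:8080/", "http://[::1]/"} {
		fmt.Printf("%-35s -> %v\n", raw, ValidateCallbackURL(raw, publicOnly))
	}
}
```

The resolver is injected so the guard can be unit-tested with constructed answers; the comment on `ValidateCallbackURL` notes the remaining check-then-use gap, which is closed by dialing the validated IP directly instead of letting the HTTP client resolve the name a second time.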