Lucene search
+L

76 matches found

Veracode
Veracode
added 2025/12/08 11:6 a.m.7 views

Server-Side Request Forgery (SSRF)

apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...

9.8CVSS7AI score0.02079EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/08 10:9 a.m.12 views

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

9.8CVSS8.4AI score0.79807EPSS
Exploits6References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/12/04 4:55 p.m.9 views

Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...

1.8CVSS7.2AI score0.00142EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/01 9:29 p.m.6 views

GHSA-569Q-MPPH-WGWW Better Auth affected by external request basePath modification DoS

Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

6.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-25440

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00373EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/09/26 11:23 p.m.5 views

SUSE CVE-2025-54468

A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...

4.7CVSS6.7AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2025/08/21 1:15 a.m.11 views

CVE-2025-27217

A Server-Side Request Forgery SSRF in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope...

9.1CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2025/08/04 3:16 p.m.28 views

CVE-2025-5988

A CVE (CVE-2025-5988) affects Ansible Automation Platform’s aap-gateway, where CSRF origin checking is not performed on requests from the gateway to external components (controller, hub, eda). The issue is documented in Red Hat’s advisory RHSA-2025:12772 and Red Hat notes that automation-gateway ...

5.3CVSS6.7AI score0.00249EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.7 views

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

9.1CVSS7.2AI score0.00684EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/21 3:20 p.m.112 views

Authorization Bypass in Next.js Middleware

Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. Patches For Next.js 15.x, this issue is fixed in 15.2.3 For Next.js 14.x, this issue is fixed in 14.2.25 For Next.js 13.x, this issue is fixed in 13.5.9 For Next.js...

9.1CVSS7.5AI score0.99301EPSS
Exploits58References11Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

Aim 资源管理错误漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.23.0 suffers from a Resource Management Error vulnerability that originates when certain methods of requesting data from an external server do not have a timeout set, causing the serv...

7.5CVSS7.4AI score0.00446EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.8 views

PT-2025-6606 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.9.4.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...

5.4CVSS9.4AI score0.00352EPSS
Exploits0References10
OSV
OSV
added 2024/10/30 9:15 p.m.11 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

6.1CVSS5.9AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.5 views

Xtreme1 安全漏洞

Xtreme1 is an all-in-one open source platform for multimodal training data open-sourced by Xtreme1. A security vulnerability exists in Xtreme1 v0.9.1 and earlier versions that stems from vulnerability to a server-side request forgery attack that allows an attacker to make arbitrary requests to...

6.1CVSS6.8AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.10 views

PT-2024-19702 · Open Xchange Gmbh +1 · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could...

6.5CVSS7AI score0.00575EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/01/24 9:59 a.m.3 views

php: XML loading external entity without being enabled

A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...

8.6CVSS7.4AI score0.0121EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.7 views

PT-2023-28780 · Moosocial · Moosocial

Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue concerns external service interaction on the post function. When executed, the server sends HTTP and DNS requests to an external server. The parameters affected are multiple, including messageTex...

6.5CVSS7AI score0.0186EPSS
Exploits2References7
GithubExploit
GithubExploit
added 2023/09/16 1:28 a.m.10 views

Exploit for External Control of System or Configuration Setting in Moosocial

mooSocial: External HTTP and DNS Service Interaction CVE-2023...

6.5CVSS7.2AI score0.0186EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/08/11 12:0 a.m.10 views

PT-2023-16575 · Opennms · Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions 31.0.8 through 32.0.2 Description: The issue is related to an XML external entity XXE injection vulnerability in the /rtc/post/ endpoint, which can be used to force Horizon to make arbitrary HTTP requests to internal...

6.1CVSS6.3AI score0.00489EPSS
Exploits0References22
OSV
OSV
added 2023/03/20 4:15 p.m.4 views

UBUNTU-CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS5.8AI score0.00722EPSS
Exploits0References7
Rows per page
Query Builder