Lucene search
+L

144 matches found

cve
cve
added 2025/09/12 6:5 a.m.88 views

CVE-2025-6454

CVE-2025-6454 affects GitLab CE/EE: authenticated users can trigger Server-Side Request Forgery by injecting crafted sequences to make unintended internal requests through proxy environments. Impacted versions are 16.11 up to 18.1.5, 18.2 up to 18.2.5, and 18.3 up to 18.3.1 (i.e., before 18.1.6, ...

8.8CVSS6.4AI score0.00645EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/09/12 6:5 a.m.3 views

CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...

8.5CVSS6.3AI score0.00645EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/09/12 12:0 a.m.3 views

GitLab CE和EE 代码问题漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A code issue vulnerability exists in GitLab CE and EE versions 16.11 through before...

8.8CVSS6.5AI score0.00645EPSS
Exploits0References5
veracode
veracode
added 2025/09/09 8:49 a.m.4 views

Blind Server Side Request Forgery (SSRF)

johnbillion/wp-crontrol plugin is vulnerable to Blind Server Side Request Forgery SSRF. The vulnerability is due to improper use of the wpremoterequest function, which allows an attacker with Administrator-level access to send arbitrary web requests and interact with internal services...

5.9CVSS7AI score0.00323EPSS
Exploits0References7Affected Software1
osv
osv
added 2025/09/03 10:11 p.m.3 views

GHSA-HJ6F-7HP7-XG69 Mautic vulnerable to SSRF via webhook function

Summary Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed Details When sending webhooks, the destination is not validated, causing SSRF. Impact Bypass of firewalls to interact with interna...

2.7CVSS6.7AI score0.00283EPSS
Exploits0References5
nessus
nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-21392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In...

6.3CVSS6.7AI score0.00894EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/09 12:0 a.m.8 views

PT-2025-32427

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....

8.6CVSS6.7AI score0.00365EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2025/08/08 12:0 a.m.9 views

PT-2025-115: Server‑Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to send HTTP requests to external and internal resources, causing data leakage and denial‑of‑service. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...

6.1CVSS5.8AI score
Exploits0References2
vulnrichment
vulnrichment
added 2025/07/08 8:49 p.m.3 views

CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

6.2CVSS7.2AI score0.00362EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/14 2:24 p.m.10 views

CVE-2025-49190

The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...

4.3CVSS4.6AI score0.00291EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/06/12 5:6 p.m.10 views

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

4.3CVSS4.6AI score0.00283EPSS
Exploits0References1
nvd
nvd
added 2025/06/12 2:15 p.m.12 views

CVE-2025-49190

The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...

5.8CVSS0.00291EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/06/12 2:6 p.m.5 views

CVE-2025-49190 Server-Side Request Forgery

The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...

4.3CVSS7.2AI score0.00291EPSS
Exploits0References6
cvelist
cvelist
added 2025/06/12 2:6 p.m.20 views

CVE-2025-49190 Server-Side Request Forgery

The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...

4.3CVSS0.00291EPSS
Exploits0References6
cve
cve
added 2025/06/12 2:6 p.m.50 views

CVE-2025-49190

CVE-2025-49190 is associated with a Server-Side Request Forgery (SSRF) in SICK Field Analytics and SICK Media Server. The linked Sick PSIRT entry states multiple vulnerabilities in those products could affect confidentiality, integrity, and availability, with SSRF allowing an endpoint to initiate...

5.8CVSS7.2AI score0.00291EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2025/06/12 12:0 a.m.12 views

PT-2025-25316 · Sick Ag · Sick Field Analytics

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The application is vulnerable to Server-Side Request Forgery SSRF, which allows an endpoint to be used for sending server internal requests to other ports. Recommendations: At the moment,...

4.3CVSS6.2AI score0.00291EPSS
Exploits0References9
osv
osv
added 2025/06/10 5:18 p.m.5 views

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/10 4:36 p.m.27 views

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

4.3CVSS0.00283EPSS
Exploits0References1
cve
cve
added 2025/06/10 4:36 p.m.56 views

CVE-2023-48786

Fortinet FortiClientEMS contains a server-side request forgery (SSRF) vulnerability (CVE-2023-48786) affecting FortiClientEMS versions 7.4.0–7.4.2 and any versions prior to 7.2.6. An authenticated attacker could trigger internal requests via crafted HTTP/HTTPS requests. Mitigations documented in ...

4.3CVSS4.7AI score0.00283EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/06/10 4:36 p.m.5 views

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

4.3CVSS7.1AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder