144 matches found
CVE-2025-6454
CVE-2025-6454 affects GitLab CE/EE: authenticated users can trigger Server-Side Request Forgery by injecting crafted sequences to make unintended internal requests through proxy environments. Impacted versions are 16.11 up to 18.1.5, 18.2 up to 18.2.5, and 18.3 up to 18.3.1 (i.e., before 18.1.6, ...
CVE-2025-6454 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences...
GitLab CE和EE 代码问题漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A code issue vulnerability exists in GitLab CE and EE versions 16.11 through before...
Blind Server Side Request Forgery (SSRF)
johnbillion/wp-crontrol plugin is vulnerable to Blind Server Side Request Forgery SSRF. The vulnerability is due to improper use of the wpremoterequest function, which allows an attacker with Administrator-level access to send arbitrary web requests and interact with internal services...
GHSA-HJ6F-7HP7-XG69 Mautic vulnerable to SSRF via webhook function
Summary Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed Details When sending webhooks, the destination is not validated, causing SSRF. Impact Bypass of firewalls to interact with interna...
Linux Distros Unpatched Vulnerability : CVE-2021-21392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In...
PT-2025-32427
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2025.Q1.0 through 2025.Q1.4 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2....
PT-2025-115: Server‑Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to send HTTP requests to external and internal resources, causing data leakage and denial‑of‑service. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...
CVE-2025-49190
The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...
CVE-2025-49190
The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...
CVE-2025-49190 Server-Side Request Forgery
The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...
CVE-2025-49190 Server-Side Request Forgery
The application is vulnerable to Server-Side Request Forgery SSRF. An endpoint can be used to send server internal requests to other ports...
CVE-2025-49190
CVE-2025-49190 is associated with a Server-Side Request Forgery (SSRF) in SICK Field Analytics and SICK Media Server. The linked Sick PSIRT entry states multiple vulnerabilities in those products could affect confidentiality, integrity, and availability, with SSRF allowing an endpoint to initiate...
PT-2025-25316 · Sick Ag · Sick Field Analytics
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The application is vulnerable to Server-Side Request Forgery SSRF, which allows an endpoint to be used for sending server internal requests to other ports. Recommendations: At the moment,...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...
CVE-2023-48786
Fortinet FortiClientEMS contains a server-side request forgery (SSRF) vulnerability (CVE-2023-48786) affecting FortiClientEMS versions 7.4.0–7.4.2 and any versions prior to 7.2.6. An authenticated attacker could trigger internal requests via crafted HTTP/HTTPS requests. Mitigations documented in ...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...