Lucene search
K

399 matches found

Vulnrichment
Vulnrichment
added 2025/12/16 12:14 p.m.5 views

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

6.4CVSS6AI score0.00306EPSS
Exploits0References3
CVE
CVE
added 2025/12/16 12:14 p.m.11 views

CVE-2025-14443

CVE-2025-14443 describes a vulnerability in the OpenShift API server component (ose-openshift-apiserver) where processing user-supplied image references lacks IP address and network-range validation. This enables internal network enumeration, service discovery, limited information disclosure, and...

6.4CVSS6AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.12 views

PT-2025-51557

Name of the Vulnerable Software and Affected Versions ose-openshift-apiserver affected versions not specified Description A flaw exists in ose-openshift-apiserver that permits internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS. Thi...

9.9CVSS6.9AI score0.22162EPSS
Exploits70References140
NVD
NVD
added 2025/12/15 9:15 p.m.5 views

CVE-2023-53893

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...

6.5CVSS0.00237EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 8:47 p.m.24 views

CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF

BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...

6.9CVSS0.0083EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

BrightSign Digital Signage Diagnostic Web Server 代码问题漏洞

BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...

6.9CVSS6.9AI score0.0083EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 9:15 p.m.5 views

CVE-2021-47703

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

7.2CVSS0.00281EPSS
Exploits2References4
CVE
CVE
added 2025/12/09 8:36 p.m.17 views

CVE-2021-47703

OpenBMCS 2.4 is affected by CVE-2021-47703, a server-side request forgery (SSRF) vulnerability that is unauthenticated. The flaw allows an attacker to bypass firewalls and perform service and network enumeration on the internal network by providing an external domain in the ip parameter, causing ...

7.2CVSS6.7AI score0.00281EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

OpenBMCS 代码问题漏洞

OpenBMCS is a building management and control system from OpenBMCS Australia. A code issue vulnerability exists in OpenBMCS version 2.4 that stems from a server-side request forgery issue with the ip parameter, which could lead to internal network enumeration and session hijacking...

7.2CVSS7AI score0.00281EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50233

Name of the Vulnerable Software and Affected Versions OpenBMCS version 2.4 Description The software contains an unauthenticated Server-Side Request Forgery SSRF issue. This allows attackers to bypass firewalls and perform service and network enumeration on the internal network. Attackers can...

7.2CVSS6.9AI score0.00281EPSS
Exploits2References7
NVD
NVD
added 2025/12/08 10:15 p.m.6 views

CVE-2025-12832

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.6CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/08 9:46 p.m.27 views

CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.6CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/08 9:46 p.m.5 views

CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.6CVSS6.4AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

IBM Concert Software Server-Side Request Forgery Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

5.4CVSS7AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/28 3:30 p.m.5 views

EUVD-2025-36533

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS6.2AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/28 2:58 p.m.9 views

CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.3 views

IBM Concert 代码问题漏洞

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

5.4CVSS6.8AI score0.0016EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.5 views

PT-2025-44185

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.0.0 Description The software is susceptible to server-side request forgery SSRF. An authenticated attacker could potentially send unauthorized requests from the system. This could lead to network enumeratio...

5.4CVSS6.3AI score0.0016EPSS
Exploits0References5
NVD
NVD
added 2025/10/24 10:15 a.m.6 views

CVE-2025-5350

SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...

5.9CVSS0.00583EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-16337

Malware in sbrugna...

5.4CVSS5.2AI score0.00488EPSS
Exploits0References3
Rows per page
Query Builder