399 matches found
CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...
CVE-2025-14443
CVE-2025-14443 describes a vulnerability in the OpenShift API server component (ose-openshift-apiserver) where processing user-supplied image references lacks IP address and network-range validation. This enables internal network enumeration, service discovery, limited information disclosure, and...
PT-2025-51557
Name of the Vulnerable Software and Affected Versions ose-openshift-apiserver affected versions not specified Description A flaw exists in ose-openshift-apiserver that permits internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS. Thi...
CVE-2023-53893
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the...
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
BrightSign Digital Signage Diagnostic Web Server 代码问题漏洞
BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...
CVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...
CVE-2021-47703
OpenBMCS 2.4 is affected by CVE-2021-47703, a server-side request forgery (SSRF) vulnerability that is unauthenticated. The flaw allows an attacker to bypass firewalls and perform service and network enumeration on the internal network by providing an external domain in the ip parameter, causing ...
OpenBMCS 代码问题漏洞
OpenBMCS is a building management and control system from OpenBMCS Australia. A code issue vulnerability exists in OpenBMCS version 2.4 that stems from a server-side request forgery issue with the ip parameter, which could lead to internal network enumeration and session hijacking...
PT-2025-50233
Name of the Vulnerable Software and Affected Versions OpenBMCS version 2.4 Description The software contains an unauthenticated Server-Side Request Forgery SSRF issue. This allows attackers to bypass firewalls and perform service and network enumeration on the internal network. Attackers can...
CVE-2025-12832
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-12832 IBM InfoSphere Information Server Server-Side Request Forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
IBM Concert Software Server-Side Request Forgery Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...
EUVD-2025-36533
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
IBM Concert 代码问题漏洞
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...
PT-2025-44185
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.0.0 Description The software is susceptible to server-side request forgery SSRF. An authenticated attacker could potentially send unauthorized requests from the system. This could lead to network enumeratio...
CVE-2025-5350
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...
EUVD-2021-16337
Malware in sbrugna...