Lucene search
K

396 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:56 a.m.7 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

8.8CVSS7.3AI score0.01712EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.8 views

CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...

9.8CVSS6.9AI score0.01877EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.9 views

CVE-2022-1239

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...

8.8CVSS6.7AI score0.01413EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.5 views

CVE-2022-1188

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible...

5.3CVSS6.5AI score0.01012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 p.m.6 views

CVE-2022-0136

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature...

8.1CVSS6.3AI score0.00828EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.11 views

CVE-2021-21288

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for...

4.3CVSS6.4AI score0.01173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.18 views

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...

9.8CVSS6.7AI score0.02358EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.12 views

CVE-2021-43296

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor...

7.5CVSS6.8AI score0.02617EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.10 views

CVE-2021-42079

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. POC Step 1: Prepare the SSRF with a request like this: GET /qstorapi/alertConfigSet?senderEmailAddress=a=BURPCOLLABHOST=25=a=1=1=1=1=1=1=1=http://=1=1=1=http:...

6.2CVSS5.4AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:54 p.m.11 views

CVE-2020-25820

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field...

6.5CVSS6.3AI score0.08825EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 3:52 p.m.9 views

CVE-2020-17513

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable for SSRF attack...

5.3CVSS6.8AI score0.04325EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:16 a.m.6 views

CVE-2018-1000825

FreeCol version = nightly-2018-08-22 contains a XML External Entity XXE vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file...

10CVSS6.9AI score0.01937EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:15 a.m.7 views

CVE-2018-1000124

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity XXE vulnerability in line 154 of importmetadata.phpsimplexmlloadstring that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter...

10CVSS6.8AI score0.01832EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:58 a.m.4 views

CVE-2019-20872

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services...

5.5CVSS6.8AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:56 a.m.6 views

CVE-2018-1000838

autopsy version = 4.9.0 contains a XML External Entity XXE vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata...

10CVSS6.9AI score0.02502EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/16 7:21 p.m.26 views

Security Bulletin: Vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework. Vulnerabilities include an attacker and remote attacker could exploit these vulnerabilities to execute arbitrary code on the...

9.8CVSS8.8AI score0.32257EPSS
Exploits8Affected Software1
OSV
OSV
added 2025/05/07 7:11 p.m.2 views

RLSA-2024:4247 Moderate: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.3CVSS7.7AI score0.02003EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 : Python vulnerabilities (USN-7488-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7488-1 advisory. It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker coul...

7.8CVSS7.4AI score0.02203EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.8 views

PT-2025-18685

Name of the Vulnerable Software and Affected Versions Stirling-PDF versions prior to 0.45.0 Description Stirling-PDF is a locally hosted web application that allows users to perform various operations on PDF files. The application is vulnerable to SSRF-induced arbitrary file read due to WeasyPrin...

8.7CVSS5.6AI score0.00417EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.5 views

PT-2025-29479 · Gnu · Snappy

Уязвимость библиотеки PHP Snappy связана с недостаточной проверкой запросов на стороне сервера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществить SSRF-атаку путем отправки специально созданного HTTP-запроса...

5CVSS7.3AI score
Exploits0References2
Rows per page
Query Builder