
394 matches found

NVD
added 2024/12/18 8:15 p.m., 15 views

CVE-2024-52579

Misskey is an open source, federated social media platform. Some APIs using HttpRequestService do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack. It allows an attacker to send POST or...

CVSS 6.4, EPSS 0.00211
Exploits 0, References 1
Vulnrichment
added 2024/12/18 7:22 p.m., 9 views

CVE-2024-52579 Server-Side Request Forgery vulnerability in various APIs in Misskey

Misskey is an open source, federated social media platform. Some APIs using HttpRequestService do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack. It allows an attacker to send POST or...

CVSS 6.4, AI score 6.7, EPSS 0.00211
Exploits 0, References 1
CNVD
added 2024/11/26 12:00 a.m., 6 views

Open WebUI SSRF Vulnerability

Open WebUI is a scalable, feature-rich, user-friendly self-hosted web user interface designed to operate completely offline. Open WebUI suffers from an SSRF vulnerability that can be exploited by an attacker to potentially compromise the confidentiality, availability, and integrity of the system...

AI score 7
Exploits 0, References 1
Cvelist
added 2024/11/25 6:15 a.m., 18 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVSS 5.3, EPSS 0.00569
Exploits 0, References 7
Vulnrichment
added 2024/11/25 6:15 a.m., 8 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVSS 5.3, AI score 5.1, EPSS 0.00569
Exploits 0, References 7
BDU FSTEC
added 2024/11/22 12:00 a.m., 4 views

The vulnerability of the Apache OFBiz resource planning software lies in the insufficient validation of requests on the server side, allowing attackers to execute SSRF attacks.

The vulnerability of Apache OFBiz’s resource planning software lies in insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 10, AI score 5.6, EPSS 0.01609
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2024/11/21 10:20 a.m., 15 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVSS 5.3, AI score 6.3, EPSS 0.00569
Exploits 0, References 3
Vulnrichment
added 2024/11/19 2:23 p.m., 20 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5, AI score 7, EPSS 0.01119
Exploits 0, References 3
Cvelist
added 2024/11/19 2:23 p.m., 33 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5, EPSS 0.01119
Exploits 0, References 3
NVD
added 2024/11/06 5:15 p.m., 14 views

CVE-2024-20531

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery SSRF attack through an affected device. To exploit this vulnerability, the attacker woul...

CVSS 6.5, EPSS 0.00361
Exploits 0, References 1
IBM Security Bulletins
added 2024/10/28 7:51 p.m., 22 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in axios

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of axios. Vulnerability Details: CVEID: CVE-2024-39338. DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs...

CVSS 7.5, AI score 7.5, EPSS 0.01414
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2024/10/28 5:56 p.m., 24 views

Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System

Summary: Vulnerabilities found in components packaged with Cloud Pak System: Node.js, Express, Axios. Vulnerability Details: CVEID: CVE-2024-4068. DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading to...

CVSS 7.5, AI score 8, EPSS 0.01471
Exploits 6, Affected Software 1
Positive Technologies
added 2024/10/21 12:00 a.m., 3 views

PT-2024-10337 · Unknown · Gpt Academic

Name of the Vulnerable Software and Affected Versions: GPT Academic (affected versions not specified). Description: The issue is related to insufficient validation of incoming requests in the data loading function from the arxiv archive of the GPT Academic machine learning application. This can allo...

CVSS 6.8, AI score 6.3, EPSS 0.00561
Exploits 1, References 7
OSV
added 2024/10/14 4:15 p.m., 24 views

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVSS 5.3, AI score 7
Exploits 0, References 4
NVD
added 2024/10/14 4:15 p.m., 53 views

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVSS 5.3, EPSS 0.00986
Exploits 1, References 4
Cvelist
added 2024/10/14 3:06 p.m., 35 views

CVE-2024-6763 Jetty URI parsing of invalid authority

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVSS 3.7, EPSS 0.00986
Exploits 1, References 3
CVE
added 2024/10/14 3:06 p.m., 368 views

CVE-2024-6763

CVE-2024-6763 affects the Jetty project (HttpURI utility) and involves insufficient validation of the URI authority segment. The vulnerability can lead to an open redirect or SSRF when a vulnerable Jetty HttpURI is used with certain (invalid) URIs, potentially depending on browser parsing differe...

CVSS 5.3, AI score 4, EPSS 0.00986
Exploits 1, References 4, Affected Software 1
Debian CVE
added 2024/10/14 3:06 p.m., 15 views

CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

CVSS 5.3, AI score 6.2, EPSS 0.00986
Exploits 1
IBM Security Bulletins
added 2024/10/14 4:14 a.m., 17 views

Security Bulletin: A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2022-29153).

Summary: A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2022-29153. DESCRIPTION: HashiCorp Consul and HashiCorp...

CVSS 7.5, AI score 6.7, EPSS 0.08519
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2024/10/09 9:25 a.m., 28 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 8.8, AI score 9.1, EPSS 0.14663
Exploits 5, Affected Software 1