394 matches found
CVE-2023-7253
The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from conducting SSRF attacks, which may be a problem in multisite configurations...
PT-2024-15253 · WordPress · Import Wp
Name of the Vulnerable Software and Affected Versions: Import WP WordPress plugin versions prior to 2.13.1. Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be a problem in multisite configurations. This is due to the lack of prevention of pinging ...
Oracle Primavera Unifier Open Redirect (April 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by an open redirect vulnerability as referenced in the April 2024 CPU advisory. Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) and perform validation checks o...
CVE-2024-22262
A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL i...
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
CVE-2024-22262: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
CVE-2024-27477
Leantime 3.0.6 is affected by a stored XSS in the ticket/title field that can be exploited to trigger SSRF. The issue affects the ticket creation/modification workflow and is documented across multiple sources (NVD/Red Hat/OSV) indicating a Cross‑Site Scripting vulnerability that could enable SSR...
K000139218: CVE-2024-22243 Spring Framework vulnerability
Security Advisory Description: Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to...
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2024-20332
The CVE-2024-20332 issue affects Cisco Identity Services Engine (ISE) web-based management interface. It is a server-side request forgery (SSRF) caused by improper input validation in specific HTTP requests, enabling an authenticated attacker to cause the ISE to make arbitrary network requests so...
PT-2024-20803 · 71Cms · 71Cms
Name of the Vulnerable Software and Affected Versions: 71cms version 1.0.0. Description: The issue allows remote unauthenticated attackers to obtain sensitive information. This is achieved via the getweather.html endpoint, which is vulnerable to Server Side Request Forgery (SSRF). SSRF is a type of...
MGASA-2024-0079 Updated libuv packages fix security vulnerability
It was discovered that the uv_getaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...
CVE-2024-27098
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute an SSRF-based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
Security Bulletin: Potential Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis
Summary: There is a potential XXE vulnerability in Apache Solr. This has been addressed. Vulnerability Details: IBM X-Force ID: 261776. DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity (XXE) declarations by the XmlParser. By...
CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...