Appspace 6.2.4 - Server-Side Request Forgery

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. id: CVE-2021-27670 info: name: Appspace 6.2.4 - Server-Side Request Forgery author: ritikchaddha severity: critical description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. impact...

kkFileView 4.1.0 - Server-Side Request Forgery

kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain...

Flyte Console <0.52.0 - Server-Side Request Forgery

FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or...

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

Labstack Echo 4.8.0 - Open Redirect

Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-400...

Sophos Mobile managed on-premises - XML External Entity Injection

An XML External Entity XXE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. id: CVE-2022-3980 info: name: Sophos Mobile managed on-premises - XML External Entity Injection author: dabla...

HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

Responsive filemanager 9.13.1 Server-Side Request Forgery

Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. id: CVE-2018-14728 info: name: Responsive filemanager 9.13.1 Server-Side Request Forgery author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible t...

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

The Ray Dashboard API is affected by a Server-Side Request Forgery SSRF vulnerability in the url parameter of the /logproxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid. id: CVE-2023-48023 info:...

GitLab Enterprise Edition - Server-Side Request Forgery

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

Apache HTTPd Windows UNC - Server-Side Request Forgery

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new...

PyTorch TorchServe SSRF

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

Qualitor <= v8.24 - Server-Side Request Forgery

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery SSRF via the component /request/viewValidacao.php. id: CVE-2024-48360 info: name: Qualitor = v8.24 - Server-Side Request Forgery author: s4e-io severity: high description: | Qualitor v8.24 was discovered to contain a Server-Si...

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...