647 matches found
CVE-2024-32830
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal. This issue affects BuddyForms: from n/a through 2.8.8...
Security update for logback
This update for logback fixes the following issues: CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator (bsc#1234742). CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder (bsc#1234743). Patch Instructions: To install this SUSE update use the SUSE recommended...
OESA-2025-1027 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
PT-2024-17851 · Wisi · Wisi Tangram Gt31
Name of the Vulnerable Software and Affected Versions: WISI Tangram GT31 versions up to 20241214 Description: A server-side request forgery issue affects an unknown functionality of the component HTTP Request Handler. This issue can be exploited remotely. The vendor was contacted about this...
PT-2024-33477 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.5 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a server-side...
IBM Security Guardium Code Issue Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as a custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.5 suffers from a server-si...
GetSimple CMS Security Vulnerability
GetSimple CMS is an open-source content management system from GetSimple. A security vulnerability exists in GetSimple CMS version 3.3.19 that originates from the plugin download URL in the backend management system and can enable server-side request forgery attacks...
python: Improper validation of IPv6 and IPvFuture addresses
A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is...
PT-2024-10982 · Chatwoot · Chatwoot
Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.5.0 Description: A Server-Side Request Forgery (SSRF) vulnerability was discovered, allowing an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and...
WordPress plugin Responsive Filterable Portfolio Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2024-18679 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a...
Xingyuantu SparkShop Security Vulnerability
Xingyuantu SparkShop is an open-source shopping mall system from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop 1.1.7 and earlier versions: a server-side request forgery (SSRF) flaw that could allow an attacker to scan ports on...
CVE-2024-48232
An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is passed directly into curl_exec for execution and output, resulting in a server-side request forgery (SSRF) vulnerability that can read serv...
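Two of the entries above describe the same defensive gap from opposite sides: the Python advisory notes that urlsplit accepted bracketed hosts that were not IPv6 or IPvFuture literals (so a check that trusts the parsed host can be fooled), and the mipjz entry shows a URL parameter handed straight to curl_exec. The validator below is an added example, not code from Python, mipjz or any other project listed here. It assumes a policy of its own: only http and https, and the resolved target must be a globally routable address (which excludes loopback, RFC 1918, link-local metadata addresses and IPv4-mapped IPv6 forms of those). The resolver is injectable, and the DNS table at the bottom is constructed so the example runs offline; FAKE_DNS, fake_resolve and all function names are this example's own.

```python
"""Outbound-URL validation against SSRF, with strict RFC 3986 IP-literal checks.

Added example; the allow-policy (http/https only, globally routable target) is an
assumption, and FAKE_DNS is a constructed table so the demo runs without network.
"""
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"^[vV][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+$")


def raw_host(netloc):
    """Host part of a netloc exactly as written (brackets kept), minus userinfo and port.

    urlsplit().hostname strips the brackets and lowercases, which hides whether the
    bracket contents were really an IP literal, so this looks at the raw text instead."""
    hostport = netloc.rpartition("@")[2]
    if hostport.startswith("["):
        end = hostport.find("]")
        if end == -1:
            raise ValueError("unterminated IP-literal")
        rest = hostport[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("data after IP-literal: %r" % rest)
        return hostport[: end + 1]
    return hostport.partition(":")[0]


def bracketed_host_is_valid(host):
    """True only if host is "[" IPv6address "]" or "[" IPvFuture "]" per RFC 3986."""
    if not (host.startswith("[") and host.endswith("]")):
        return False
    inner = host[1:-1]
    if _IPVFUTURE.match(inner):
        return True
    if "%" in inner:  # zone ids are RFC 6874 syntax, not RFC 3986; rejected here
        return False
    try:
        ipaddress.IPv6Address(inner)
        return True
    except ValueError:
        return False


def default_resolve(hostname):
    """System resolver. Caveat: the address checked here can differ from the one the
    HTTP client later connects to if DNS answers change (rebinding); pin the checked
    IP by connecting to it directly with the Host header set, or resolve in the client."""
    return socket.getaddrinfo(hostname, None)[0][4][0]


def validate_outbound_url(url, resolve=default_resolve):
    """Return the IP address a fetch of url would connect to, or raise ValueError."""
    parts = urlsplit(url)  # newer Pythons already reject malformed IP-literals here
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    host = raw_host(parts.netloc)
    if not host:
        raise ValueError("empty host")
    parts.port  # raises ValueError on a malformed port
    if host.startswith("["):
        if not bracketed_host_is_valid(host):
            raise ValueError("malformed IP-literal: %s" % host)
        inner = host[1:-1]
        if inner[0] in "vV":
            raise ValueError("IPvFuture literal is not routable: %s" % host)
        addr = ipaddress.IPv6Address(inner)
    else:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:  # not a plain IP literal, so treat it as a hostname
            addr = ipaddress.ip_address(resolve(host))
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d really targets an IPv4 address
    if not addr.is_global:
        raise ValueError("target %s is not globally routable" % addr)
    return str(addr)


def is_allowed(url, resolve=default_resolve):
    try:
        validate_outbound_url(url, resolve)
        return True
    except (ValueError, OSError):
        return False


# Constructed DNS table for the offline demo; these names are not real hosts.
FAKE_DNS = {
    "public.example": "8.8.8.8",
    "intranet.example": "10.0.0.5",
    "127.1": "127.0.0.1",  # shorthand that the real resolver also accepts
}


def fake_resolve(hostname):
    if hostname not in FAKE_DNS:
        raise ValueError("unresolvable: %s" % hostname)
    return FAKE_DNS[hostname]


if __name__ == "__main__":
    for u in ["https://public.example/report", "http://[2001:4860:4860::8888]:8080/x",
              "http://[intranet.example]/", "http://[v1.fe80::1]/", "http://intranet.example/",
              "http://127.1/", "http://[::ffff:169.254.169.254]/", "file:///etc/passwd"]:
        print("%-40s %s" % (u, "allowed" if is_allowed(u, fake_resolve) else "blocked"))
```

The bracket check matters because a host written as "[intranet.example]" is neither an IPv6 address nor an IPvFuture literal; a validator that only inspects the stripped hostname would resolve it like any other name. The IPv4-mapped unwrap and the "127.1" case show why the decision has to be made on the resolved address rather than on the string the user supplied.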
Eclipse Jetty Security Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 7.0.0 through 12.0.11 that stems from insufficient validation of the authority portion of the URI by the HttpURI class, which...
New Cloud MyOffice SDK Collaborative Editing Server Security Vulnerability
MyOffice SDK is an office software development kit from MyOffice, Inc. A security vulnerability exists in New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8 that allows server-side request forgery by manipulating...
GHSA-68J8-FP38-P48Q Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
Impact The profile location routine in the referencevalidator commons package is vulnerable to an XML External Entity (XXE) attack due to insecure defaults of the Woodstox WstxInputFactory it uses. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a Server Side...
The vulnerability of the Apache OFBiz resource planning software lies in the insufficient validation of incoming requests, allowing a hacker to execute an SSRF attack.
The vulnerability of Apache OFBiz’s resource planning software lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
PT-2024-13438 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
USN-6978-1 libxstream-java vulnerabilities
It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. (CVE-2016-3674) Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run...
CVE-2024-7742
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...