PT-2024-11539 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.12; Mautic versions prior to 5.0.4. Description: An authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability...
Cisco Identity Services Engine Code Issue Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco (USA). ISE collects real-time information from the network, users, and devices to develop and enforce policies that regulate the network. A security vulnerability exists in the Cisco Identi...
Mobile Security Framework Security Vulnerability
Mobile Security Framework (MobSF) is an open source, automated, all-in-one mobile application security framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
PYSEC-2024-278
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the file libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It ...
RWS WorldServer Security Vulnerability
RWS WorldServer is a flexible, enterprise-class translation management system from RWS (UK). A security vulnerability exists in RWS WorldServer prior to version 11.7.3 that allows an authenticated, remote attacker to perform a blind server-side request forgery (SSRF) attack that results...
OESA-2024-1200 libuv security update
libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others. Security Fixes: The uv_getaddrinfo function i...
DEBIAN-CVE-2024-22243
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
PT-2024-20277 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job versions prior to 2.4.1. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allows low-privileged users to control the executor, potentially leading to Remote Code Execution (RCE)...
Apache ServiceComb Service-Center Code Issue Vulnerability
Apache ServiceComb Service-Center is a RESTful service registry from the Apache Foundation that provides microservice discovery and microservice management. A code issue vulnerability exists in Apache ServiceComb Service-Center 2.1.0 and earlier versions, which stems from a server-side...
UBUNTU-CVE-2023-51441
UNSUPPORTED WHEN ASSIGNED. An Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform a possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has reached EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...
VulnCheck KEV: CVE-2018-15517
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...
GHSA-59V3-898R-QWHJ MLflow Server-Side Request Forgery (SSRF)
A malicious user could use this issue to access internal HTTP servers and, in the worst case (e.g. an AWS instance), it could be abused to gain remote code execution on the victim machine...
CVE-2023-46265
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF)...
Wavelink Avalanche Security Vulnerability
Wavelink Avalanche is a mobile device management system from Wavelink, Inc. (United States). A security vulnerability exists in Wavelink Avalanche version 6.4.2. An attacker can exploit this vulnerability to cause server-side request forgery (SSRF) in a remote control server by sending a...
PT-2023-8278 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche (affected versions not specified). Description: The issue is related to a Server-Side Request Forgery (SSRF) in the Ivanti Avalanche Remote Control server. An unauthenticated attacker could send a specifically crafted web request ...
PT-2023-31314 · Apache +1 · Apache Tiles +1
Name of the Vulnerable Software and Affected Versions: Apache Tiles versions 2 onwards. Description: The issue arises from the lack of validation of the value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session while resolving XML definition files. This can lead to possible path...
Apache Tiles Path Traversal Vulnerability
Apache Tiles is a page layout framework for Java EE applications from the Apache Foundation. A path traversal vulnerability exists in Apache Tiles prior to version 2.0.0, which stems from failing to validate the value of the DefaultLocaleResolver.LOCALE_KEY attribute set on a session when parsing a...
PT-2023-8432 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.10; Nextcloud Server versions 26.0.0 through 26.0.5; Nextcloud Server versions prior to 27.1.0; Nextcloud Enterprise Server versions 22.0.0 through 22.2.10.15; Nextcloud Enterprise Server versions...
Nextcloud Code Issues Vulnerabilities
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud (Germany). A code issue exists in Nextcloud Server versions prior to 25.0.11, 26.0.6, and 27.1.0, as well as Nextcloud Enterprise Server versions prior to 22.2.10.16,...
PT-2025-1562 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.5 through 16.9.7; GitLab CE/EE versions 16.10 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2. Description: The issue is related to Server-Side Request Forgery (SSRF) in GitLab CE/EE. An attacker can exploit...