647 matches found
LangChain Code Issues Vulnerabilities
LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain prior to version 0.0.317, which stems from a server-side request forgery attack via documentloaders/recursiveurlloader.py, as crawling can be performed from an external server to an interna...
The vulnerability of the Generic Request and Message Generator (GRMG)/Heartbeat service on the SAP NetWeaver AS for Java software platform allows an attacker to perform an SSRF attack.
The vulnerability of the Generic Request and Message Generator (GRMG)/Heartbeat service on the SAP NetWeaver AS for Java software platform is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2023-38343
An XXE (XML external entity) injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...
VulnCheck KEV: CVE-2019-9621
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component...
Apache Superset Code Issue Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Library Management System Code Issue Vulnerability
Library Management System is a library management system with QR code attendance and automatic generation of library card by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management Systems SLIMS 9 Bulian v9.6.1, which stems from susceptibility to server-si...
PT-2023-29923 · Bookstack · Bookstack
Name of the Vulnerable Software and Affected Versions: bookstack versions prior to v23.08. Description: The issue is related to Server-Side Request Forgery (SSRF) in the GitHub repository bookstackapp/bookstack. This allows an attacker to make unauthorized requests on behalf of the server...
Vulnerabilities fixed in IBM Cognos Analytics
IBM has fixed vulnerabilities in Cognos Analytics. A malicious party could exploit the vulnerabilities to perform a Server-Side Request Forgery attack in order to collect system information without prior authorization. Also, a malicious party could potentially execu...
USN-6243-2 graphite-web regression
USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the applied fix was incomplete. This update fixes the problem. Original advisory details: It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
DEBIAN-CVE-2022-41401
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
OpenRefine Code Issues Vulnerabilities
OpenRefine is a Java-based open source tool. The product is mainly used for loading data, analyzing data and cleaning data. A security vulnerability exists in OpenRefine 3.5.2 and earlier versions, which stems from the presence of a Server Request Forgery (SSRF) vulnerability. An unauthorized...
GHSA-58QW-P7QM-5RVH Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
From the reporter: XmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a remote...
CVE-2023-3238
A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. The attack may be initiated remotely. The...
PT-2023-23747 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms versions up to 2.6.5. Description: A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be...
WordPress Plugin Gutenberg Blocks Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2023-20173
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker...
Cisco Identity Services Engine Code Issue Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An XML external entity injection vulnerability...
PT-2023-2778 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to the web-based management interface of Cisco Identity Services Engine (ISE) and involves multiple vulnerabilities. These vulnerabilities coul...
ManageEngine OpManager Code Issue Vulnerability
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A code issue vulnerability exists in ManageEngine OpManager version 12.6.168, which stems from the presence of an XML External Entity (XXE) ...
Infoline Project Management System Code Issue Vulnerability
Infoline Project Management System is a project management system from Infoline. A code issue vulnerability exists in Infoline Project Management System versions prior to 4.09.31.125. An attacker could exploit this vulnerability to perform a server-side request forgery attack...