CVE-2023-20062
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities...
SUSE CVE-2018-1000010
Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
SUSE CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
Splunk Code Issue Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...
PT-2023-16375 · Yugabyte · Yugabyte Managed
Name of the Vulnerable Software and Affected Versions: Yugabyte Managed versions 2.0.0.0 through 2.13.0.0 Description: The issue affects Yugabyte Managed, allowing accessing functionality not properly constrained by ACLs, communication channel manipulation, and authentication abuse due to...
Vulnerabilities fixed in Cisco Identity Services Engine (ISE).
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). A malicious person with access to the web-based management environment could exploit the vulnerabilities to gain access to sensitive data via a Server-Side Request Forgery attack. It is good practice not to...
Netcad KEOS Code Issue Vulnerability
Netcad KEOS is Netcad's local government management solution that responds to e-municipality needs with secure, integrated data production and management capabilities. A security vulnerability exists in Netcad KEOS version 1.0 that stems from susceptibility to XML External Entity (XXE) attacks, which can lead to...
PT-2023-19589 · Jenkins · Jenkins Semantic Versioning Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Semantic Versioning Plugin versions 1.14 and earlier Description: The issue allows attackers who can control agent processes to have Jenkins parse a crafted file, potentially leading to the extraction of secrets from the Jenkins...
CXF: SSRF Vulnerability
An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type...
CVE-2022-39039
aEnrich's a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPS requests to launch a Server-Side Request Forgery (SSRF) attack, perform arbitrary system commands, or disrupt service...
Esri Portal for ArcGIS Code Issue Vulnerability
Esri Portal for ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A code issue vulnerability exists in Esri Portal for ArcGIS 10.9.1 and prior versions...
IBM Cognos Analytics Code Issue Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing factors such as key drivers and key people. A server-side request forgery...
JetBrains IntelliJ IDEA Code Issue Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from an XXE attack that can be performed via a request to a custom plugi...
perfSONAR Code Issue Vulnerability
perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR v4.4.5 and earlier versions, which stems from a problem with the graphData.cgi...
CVE-2022-42894
A vulnerability has been identified in syngo Dynamics (all versions VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as loca...
PT-2022-24943 · Kubevela · Kubevela
Name of the Vulnerable Software and Affected Versions: KubeVela versions 1.5 through 1.5.7 KubeVela versions 1.6 through 1.6.0 Description: KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this issue. When using Helm Chart as the...
PHP Point of Sale Code Issue Vulnerability
PHP Point of Sale is an online point of sale system for small retail businesses by PHP Point of Sale, Inc. A security vulnerability exists in PHP Point of Sale LLC version 19.0 that stems from the application's susceptibility to a server-side request forgery attack, which allows a back-end server t...
CVE-2022-32533
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no...
Vulnerability fixed in Atlassian Jira
Atlassian has fixed a vulnerability in Jira. An authenticated malicious person could exploit the vulnerability to execute a server-side request forgery attack. This enables the malicious party to gain access to sensitive data or information about the system. The vulnerability is located in a plug-...
PT-2022-18882 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver EP Web Page Composer (affected versions not specified) Description: The issue arises from insufficient validation of an XML document accepted from an untrusted source. This allows an adversary to exploit unprotected XML parsing at...