328 matches found
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...
Ping Identity PingFederate 代码问题漏洞
Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. Ping Identity PingFederate has a code issue vulnerability that stems from the presence of a Server Request Forgery SSRF vulnerability...
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and...
71cms 安全漏洞
71CMS is a smart party building system open source by xiaocheng-keji. A security vulnerability exists in 71cms v1.0.0, which stems from the presence of a Server Request Forgery SSRF vulnerability...
Rebuild 安全漏洞
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild v.3.5 that stems from the presence of a Server Request Forgery SSRF vulnerability. The vulnerability can be exploited by an attacker to obtain sensitive information and execute arbitrary code...
NextChat Code Issue Vulnerability
NextChat is a program for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat 2.11.2 and earlier versions, which stems from the presence of a server request forgery SSRF and cross-site scripting XSS vulnerability. An attacker can exploit the...
WonderCMS installUpdateThemePluginAction Function Server Request Forgery Vulnerability
WonderCMS is an open source PHP-based content management system CMS. A server request forgery vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which can be exploited by an attacker to conduct an SSRF attack, thereby forcing the application to make arbitrary requests...
WonderCMS 安全漏洞
WonderCMS is an open source PHP-based content management system CMS. A server request forgery vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which can be exploited by an attacker to conduct an SSRF attack, thereby forcing the application to make arbitrary requests...
ChatGPT-wechat-personal Security Vulnerability
ChatGPT-wechat-personal is to realize the function of ChatGPT chatbot in WeChat personal subscription number by calling OpenAI latest interface and gpt-3.5-turbo model. A security vulnerability exists in ChatGPT-wechat-personal version a0857f6, which stems from a Server Request Forgery SSRF...
CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
Mobileiron Sentry Code Issue Vulnerability
Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A code issue vulnerability exists in Mobileiron Sentry versions prior to 9.1.0 through 24.1.2 that stems from a server request forgery vulnerability in Phabricator...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update
An update is now available for Red Hat OpenShift GitOps v1.10.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.11.1 security update
An update is now available for Red Hat OpenShift GitOps v1.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication...
CVE-2024-22424
CVE-2024-22424 affects Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 (and related 2.7.16 per some advisories). The root cause is failure to validate that requests carry the correct content type, allowing bypass of browser CORS preflight checks and enabling CSRF via cross-origin...
Youke365 Security Breach
Youke365 Youke365 is a professional web site navigation system of China Youke365 Youke365 company. A security vulnerability exists in Youke365 1.5.3 and earlier versions, which stems from a Server Request Forgery SSRF vulnerability in the file /app/controller/caiji.php...
Inis Code Issues Vulnerabilities
Inis is a web application. A code issue vulnerability exists in Inis 2.0.1 and earlier versions, which stems from a server request forgery SSRF vulnerability in the file app/api/controller/default/Proxy.php...
WordPress Plugin affiliate-toolkit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
Audiobookshelf Code Issue Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from audiobookshelf open source. A code issue vulnerability exists in Audiobookshelf versions prior to 2.7.0, which stems from a Server Request Forgery SSRF vulnerability in Auth.js...