Lucene search
+L

183 matches found

CNNVD
CNNVD
added 2024/07/23 12:0 a.m.5 views

WordPress plugin CoBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.9AI score0.00541EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.10 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server lies in the insufficient validation of requests on the server side, allowing an attacker to disclose protected information.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to insufficient testing of server-side requests. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...

7.8CVSS5.4AI score0.02337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.9 views

PT-2024-30907 · WordPress · Elementskit Pro

Name of the Vulnerable Software and Affected Versions: ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2 Description: The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function...

9.6CVSS7.1AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-26354 · Shortpixel · Shortpixel Adaptive Images

Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images versions 3.8.3 and earlier Description: A Server-Side Request Forgery SSRF issue has been identified. This allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized...

4.4CVSS6.9AI score0.00363EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.6 views

PT-2024-15391 · WordPress · Google Doc Embedder

Name of the Vulnerable Software and Affected Versions: Google Doc Embedder plugin for WordPress versions up to, and including, 2.6.4 Description: The issue allows authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the w...

6.4CVSS6.6AI score0.00316EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/04/25 12:0 a.m.5 views

The vulnerability of Varnish cache servers, related to the manipulation of requests on the server side, allows attackers to compromise the integrity of the protected information.

The vulnerability of the Varnish cache server relates to the manipulation of requests on the server side. Exploiting this vulnerability allows a malicious actor to affect the integrity of the protected information through a specially crafted HTTP request...

7.8CVSS7.1AI score0.00936EPSS
Exploits0References7Affected Software5
Veracode
Veracode
added 2024/04/22 8:11 a.m.12 views

Server Side Request Forgery

github.com/usememos/memos is vulnerable to Server-Side Request Forgery. The vulnerability exist due to an improper input validation at the /o/get/image endpoint, allowing unauthenticated users to manipulate server-side requests and retrieve images from the internal network and also leads to a...

6.1CVSS6.1AI score0.0108EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/03/06 11:17 a.m.20 views

BIT-GITLAB-2021-39935

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...

7.5CVSS7.3AI score0.35649EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/02/19 12:0 a.m.14 views

The vulnerability of the export plugin for Better PDF Exporter, a data processing center for Atlassian Jira Server and Data Center, allows a hacker to view arbitrary PDF files.

The vulnerability of the Better PDF Exporter plugin for exporting PDF files from Atlassian Jira Server and Data Center lies in insufficient testing of server-side requests. Exploiting this vulnerability could allow attackers to view arbitrary PDF files...

7.8CVSS7.3AI score0.00928EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.25 views

GitLab 10.5 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39935)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...

7.5CVSS7.8AI score0.35649EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/09/21 9:15 p.m.8 views

CVE-2023-38343

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

7.5CVSS7.1AI score0.01449EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/07/10 12:0 a.m.10 views

The vulnerability of the LibreOffice office software package, related to insufficient validation of requests on the server side, allows a hacker to gain access to the file system.

The vulnerability of the LibreOffice office software package is related to insufficient testing of server-side requests. Exploiting this vulnerability could allow a malicious actor to gain access to the file system using specially crafted ODT files...

5CVSS5.7AI score0.00782EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/02/08 8:15 p.m.5 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5CVSS5.9AI score0.00645EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.6 views

Dahua software products 代码问题漏洞

Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in a number of Dahua software products, which can be exploited by an attacker to access internal resources using server-side requests to forge connections to links URLs that confo...

7.5CVSS7.3AI score0.0053EPSS
Exploits0References2
NVD
NVD
added 2022/09/14 6:15 p.m.27 views

CVE-2022-36112

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...

5.8CVSS0.00477EPSS
Exploits0References2
OSV
OSV
added 2022/09/14 6:15 p.m.2 views

UBUNTU-CVE-2022-36112

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...

5.8CVSS7.3AI score0.00477EPSS
Exploits0References4
CVE
CVE
added 2022/07/07 3:15 a.m.85 views

CVE-2022-2339

CVE-2022-2339 is a Server-Side Request Forgery (SSRF) in the nocodb/nocodb project. The vulnerability allows an attacker to make the server issue requests to internal addresses (via the Import URL flow), potentially reading sensitive internal contents. The description and connected sources confir...

9.1CVSS7.5AI score0.01841EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/12/13 4:15 p.m.3 views

CVE-2021-39935

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...

7.5CVSS5.2AI score0.35649EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/12/13 4:15 p.m.12 views

CVE-2021-39935

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...

7.5CVSS0.35649EPSS
Exploits0References4
Prion
Prion
added 2021/12/13 4:15 p.m.18 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...

5CVSS7.3AI score0.35649EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder