183 matches found
WordPress plugin CoBlocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server lies in the insufficient validation of requests on the server side, allowing an attacker to disclose protected information.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to insufficient testing of server-side requests. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
PT-2024-30907 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2 Description: The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function...
PT-2024-26354 · Shortpixel · Shortpixel Adaptive Images
Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images versions 3.8.3 and earlier Description: A Server-Side Request Forgery SSRF issue has been identified. This allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized...
PT-2024-15391 · WordPress · Google Doc Embedder
Name of the Vulnerable Software and Affected Versions: Google Doc Embedder plugin for WordPress versions up to, and including, 2.6.4 Description: The issue allows authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the w...
The vulnerability of Varnish cache servers, related to the manipulation of requests on the server side, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Varnish cache server relates to the manipulation of requests on the server side. Exploiting this vulnerability allows a malicious actor to affect the integrity of the protected information through a specially crafted HTTP request...
Server Side Request Forgery
github.com/usememos/memos is vulnerable to Server-Side Request Forgery. The vulnerability exist due to an improper input validation at the /o/get/image endpoint, allowing unauthenticated users to manipulate server-side requests and retrieve images from the internal network and also leads to a...
BIT-GITLAB-2021-39935
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
The vulnerability of the export plugin for Better PDF Exporter, a data processing center for Atlassian Jira Server and Data Center, allows a hacker to view arbitrary PDF files.
The vulnerability of the Better PDF Exporter plugin for exporting PDF files from Atlassian Jira Server and Data Center lies in insufficient testing of server-side requests. Exploiting this vulnerability could allow attackers to view arbitrary PDF files...
GitLab 10.5 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39935)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...
CVE-2023-38343
An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...
The vulnerability of the LibreOffice office software package, related to insufficient validation of requests on the server side, allows a hacker to gain access to the file system.
The vulnerability of the LibreOffice office software package is related to insufficient testing of server-side requests. Exploiting this vulnerability could allow a malicious actor to gain access to the file system using specially crafted ODT files...
CVE-2022-34350
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
Dahua software products 代码问题漏洞
Dahua software products are a family of applications from Dahua Corporation of China. A security vulnerability exists in a number of Dahua software products, which can be exploited by an attacker to access internal resources using server-side requests to forge connections to links URLs that confo...
CVE-2022-36112
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...
UBUNTU-CVE-2022-36112
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...
CVE-2022-2339
CVE-2022-2339 is a Server-Side Request Forgery (SSRF) in the nocodb/nocodb project. The vulnerability allows an attacker to make the server issue requests to internal addresses (via the Import URL flow), potentially reading sensitive internal contents. The description and connected sources confir...
CVE-2021-39935
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
CVE-2021-39935
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...