MyBB 安全漏洞

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A server request forgery vulnerability exists in MyBB versions prior to 1.8.38, which stems from the...

Akana API Platform 安全漏洞

Akana API Platform is one of Akana's easiest ways to accelerate the digital transformation of your organization. A security vulnerability exists in Akana API Platform version 2022.1.3 and earlier, which stems from the presence of a Server Request Forgery SSRF vulnerability...

OESA-2024-1386 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...

Ping Identity PingFederate 代码问题漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. Ping Identity PingFederate has a code issue vulnerability that stems from the presence of a Server Request Forgery SSRF vulnerability...

CVE-2024-20332

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and...

71cms 安全漏洞

71CMS is a smart party building system open source by xiaocheng-keji. A security vulnerability exists in 71cms v1.0.0, which stems from the presence of a Server Request Forgery SSRF vulnerability...

Rebuild 安全漏洞

Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild v.3.5 that stems from the presence of a Server Request Forgery SSRF vulnerability. The vulnerability can be exploited by an attacker to obtain sensitive information and execute arbitrary code...

NextChat Code Issue Vulnerability

NextChat is a program for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat 2.11.2 and earlier versions, which stems from the presence of a server request forgery SSRF and cross-site scripting XSS vulnerability. An attacker can exploit the...

WonderCMS installUpdateThemePluginAction Function Server Request Forgery Vulnerability

WonderCMS is an open source PHP-based content management system CMS. A server request forgery vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which can be exploited by an attacker to conduct an SSRF attack, thereby forcing the application to make arbitrary requests...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A server request forgery vulnerability exists in the WonderCMS installUpdateThemePluginAction function, which can be exploited by an attacker to conduct an SSRF attack, thereby forcing the application to make arbitrary requests...

ChatGPT-wechat-personal Security Vulnerability

ChatGPT-wechat-personal is to realize the function of ChatGPT chatbot in WeChat personal subscription number by calling OpenAI latest interface and gpt-3.5-turbo model. A security vulnerability exists in ChatGPT-wechat-personal version a0857f6, which stems from a Server Request Forgery SSRF...

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

Mobileiron Sentry Code Issue Vulnerability

Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A code issue vulnerability exists in Mobileiron Sentry versions prior to 9.1.0 through 24.1.2 that stems from a server request forgery vulnerability in Phabricator...

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.10.2 security update

An update is now available for Red Hat OpenShift GitOps v1.10.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.11.1 security update

An update is now available for Red Hat OpenShift GitOps v1.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVE-2024-21893

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication...

CVE-2024-22424

CVE-2024-22424 affects Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 (and related 2.7.16 per some advisories). The root cause is failure to validate that requests carry the correct content type, allowing bypass of browser CORS preflight checks and enabling CSRF via cross-origin...

Youke365 Security Breach

Youke365 Youke365 is a professional web site navigation system of China Youke365 Youke365 company. A security vulnerability exists in Youke365 1.5.3 and earlier versions, which stems from a Server Request Forgery SSRF vulnerability in the file /app/controller/caiji.php...