402 matches found
Apache Axis Input Validation Error Vulnerability
Apache Axis is an open source, XML-based Web services architecture from the Apache Foundation in the United States. The product contains a SOAP server implemented in Java and C++, as well as a variety of utility services and APIs to generate and deploy Web services applications. Apache...
CVE-2023-41055 LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie
LibreY is a fork of LibreX, a framework-less and JavaScript-free privacy-respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the engines/google/text.php and engines/duckduckgo/text.php files in versions before commit...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16, which stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An...
Open-Xchange AppSuite Code Issue Vulnerability
Open-Xchange AppSuite is a web-based cloud desktop environment from Open-Xchange of Germany. The environment allows users to more intuitively manage email, tasks, files, and more. A code issue vulnerability exists in Open-Xchange AppSuite that stems from a Server-Side Request Forgery (SSRF) vulnerability...
Mattermost Code Issue Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an improper restriction of requests to localhost/Intranet, resulting in a Server-Side Request Forgery (SSRF) vulnerability...
PlantUML Code Issue Vulnerability
PlantUML is a component that allows rapid authoring of diagrams from textual descriptions. A code issue vulnerability exists in PlantUML versions prior to 1.2023.9 that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability...
Adobe Commerce Code Issue Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A code issue vulnerability exists in Adobe Commerce that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An attacker could exploit the vulnerability to read arbitrary system...
DEBIAN-CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting, potentially allowing server-side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting, potentially allowing server-side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
Davinci Code Issue Vulnerability
Davinci is an open source DVsaaS (Data Visualization Service) platform from edp. A security vulnerability exists in Davinci version 0.3.0-rc, which stems from susceptibility to Server-Side Request Forgery (SSRF) attacks...
JetBrains Hub Code Issue Vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...
SUSE CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
UBUNTU-CVE-2023-25151
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`,...
WordPress Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a code issue vulnerability that stems from unauthenticated server-side request forgery ...
WordPress plugin WP Affiliate Platform Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
Multiple Hitachi Products Code Issue Vulnerability
Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Japan. Hitachi Ops Center Analyzer is a data center management software. It monitors, reports, and correlates end-to-end performance from servers to storage. Hitachi Infrastructure Analytics Advis...
The vulnerability of the graphical interface of the FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows an attacker to perform an SRF attack.
The vulnerability of the graphical interface of the FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SRF attack...
Exploit for Server-Side Request Forgery in Microsoft
proxynotshell-IOC-Checker Powershell script used to check for...
WordPress Post SMTP Mailer/Email Log Server Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A server request forgery...