CVE-2025-9805
CVE-2025-9805 affects SimStudioAI Sim up to commit 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2, with a server-side request forgery flaw in apps/sim/app/api/proxy/image/route.ts. The vulnerability can be exploited remotely after processing by the vulnerable code path; exploitation is public. Patch 34...
Linux Distros Unpatched Vulnerability : CVE-2018-1042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.x has Server Side Request Forgery in the filepicker. CVE-2018-1042 Note that Nessus relies on the presence of the package as reported by the vendor...
PT-2025-35519
Name of the Vulnerable Software and Affected Versions: SimStudioAI versions prior to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2 Description: A server-side request forgery issue exists due to unknown processing within the file apps/sim/app/api/proxy/image/route.ts. The attack can be performed...
Linux Distros Unpatched Vulnerability : CVE-2023-35133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3,...
CVE-2025-9799
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799
CVE-2025-9799 affects Langfuse up to version 3.88.0. The vulnerability is in the Webhook Handler’s WebSocket/HTTP code path, specifically the function promptChangeEventSourcing in web/src/features/prompts/server/routers/promptRouter.ts. Manipulation of this function can lead to server-side reques...
CVE-2025-55007 Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007
Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...
Server-Side Request Forgery (SSRF)
Liferay Portal is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper access validation due to crafted URLs in FreeMarker templates that allow template editors to bypass restrictions...
Knowage code issue vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37 that stems from server-side request forgery and could lead to scanning of the internal network...
langfuse code issue vulnerability
langfuse is a large language model engineering platform open-sourced by Langfuse. A code issue vulnerability exists in langfuse 3.88.0 and earlier versions, which stems from a misuse of the function promptChangeEventSourcing in the file web/src/features/prompts/server/routers/promptRouter.ts...
PT-2025-35514
Name of the Vulnerable Software and Affected Versions: Langfuse versions through 3.88.0 Description: A security flaw exists in Langfuse, potentially leading to server-side request forgery. The vulnerability is located in the promptChangeEventSourcing function within the...
PT-2025-35494
Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.37 Description: Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. The impact of this vulnerability is limited as attackers cannot...
CVE-2025-9395
A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be use...
CVE-2025-9414
A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote...
CVE-2024-46413
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...
CVE-2025-48364
Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through = 0.4.2...