K000152924: Apache HTTP Server vulnerability CVE-2024-43204
Security Advisory Description: SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a valu...
CVE-2025-8355
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF)...
PT-2025-106: Local file read leads to Server-Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to read server-side files and issue requests to the local network, resulting in a Server-Side Request Forgery (SSRF) condition. Vulnerability status: Confirmed by vendor. Date of...
Xerox FreeFlow Core security vulnerability
Xerox FreeFlow Core is a flexible and easy-to-use software product from Xerox Corporation (USA). A security vulnerability exists in Xerox FreeFlow Core version 8.0.4, which stems from improper handling of XML input and could lead to server-side request forgery...
PT-2025-32364 · Xerox · Xerox Freeflow Core
Name of the Vulnerable Software and Affected Versions: Xerox FreeFlow Core version 8.0.4. Description: Improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, resulting in a Server-Side Request Forgery (SSRF)...
Medium: php8.2
Issue Overview: fsockopen does not properly validate the hostname; the hostname is truncated at a null byte. This can cause Server-Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer...
Medium: php8.3
Issue Overview: fsockopen does not properly validate the hostname; the hostname is truncated at a null byte. This can cause Server-Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer...
Medium: python-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An...
PT-2025-116: Server‑Side Request Forgery (SSRF) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to issue requests to restricted-access servers, enabling internal-network reconnaissance and subsequent attacks. Vulnerability status: Confirmed by vendor. Date of vulnerability...
CVE-2024-55399
4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF)...
mccms security vulnerability
mccms (Man City CMS) is a rapid website builder system from the individual developer chshcms (Smokey River South, China). A security vulnerability exists in mccms version v2.7.0, which originates from improper handling of the pic parameter in the sysappscontrollersapiGf.php file and may lead to SSRF...
Bottinelli Informatical Vedo Suite security vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. Bottinelli Informatical Vedo Suite suffers from a server-side request forgery vulnerability, which originates from the /apivedo/video/preview endpoint that do...
AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095
This module enables you to provide SEO analysis and recommendations for a given URL. The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side Request Forgery (SSRF) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
CVE-2025-8529
A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the URL validation process. An attacker can access internal or otherwise restricted resources by submitting a specially crafted URL that bypasses configured allowlists. Remediation: Upgrade...
Vvveb code issue vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A code issue vulnerability exists in Vvveb version 1.0.5 and earlier, which stems from a server-side request forgery due to incorrect handling of the url parameter...
XBoot code issue vulnerability
XBoot is a one-stop front-end/back-end separated rapid development platform from the individual developer Exrick. A code issue vulnerability exists in XBoot 3.3.4 and prior versions, which stems from a server-side request forgery due to incorrect handling of the loginUrl parameter...
Medium: php
Issue Overview: fsockopen does not properly validate the hostname; the hostname is truncated at a null byte. This can cause Server-Side Request Forgery in the general case. CVE-2025-1220 Missing error checking could result in SQL injection, and missing error handling could lead to crashes due to null pointer...
MedDream PACS Premium cecho.php Function Server-Side Request Forgery Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A server-side request forgery vulnerability exists in the cecho.php function of MedDream PACS Premium; no further details are available at this time...
GLPI code issue vulnerability
GLPI is open source IT and asset management software from the GLPI open source project. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...