Server-side Request Forgery (SSRF)
Overview: bentoml is a BentoML: Build Production-Grade AI Applications. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the MultipartSerde.ensurefile and JSONSerde.parserequest processes. An attacker can cause the server to make arbitrary HTTP requests to...
BentoML Code Issue Vulnerability
BentoML is an open source model-serving library from BentoML Open Source. It is used to build high-performance and scalable artificial intelligence applications using Python. A code issue vulnerability exists in BentoML versions 1.4.0 through 1.4.19 that stems from the file upload processing...
Server-side Request Forgery (SSRF)
Overview: webfinger.js is a client library to query WebFinger records. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the WebFinger class. An attacker can cause the server to send arbitrary GET requests to internal or external hosts, including localhost...
Vulnerabilities fixed in Salesforce Tableau Server
Salesforce has fixed vulnerabilities in Salesforce Tableau Server, specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...
SSRF Check Security Vulnerability
SSRF Check is a tool by individual developer Felippe Regazio that checks strings for potential SSRF attacks. A security vulnerability exists in versions of SSRF Check prior to 1.2.0, which stems from an incomplete IP address range denylist that could lead to server-side request forgery...
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from insufficient validation of requests at the server-side level. This allows attackers to execute an SSRF attack.
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain is related to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
CVE-2025-8228
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. Th...
Gopherus
This tool is called Gopherus and it generates gopher links for exploiting Server-Side Request Forgery (SSRF) and gaining Remote Code Execution (RCE) in various servers. The tool can be used to exploit vulnerabilities in MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP servers. The tool...
ChanCMS Code Issue Vulnerability
ChanCMS is a content management system by the Chinese individual developer yanyutao0402. A code issue vulnerability exists in ChanCMS 3.1.2 and earlier versions, which stems from the incorrect handling of the parameter targetUrl in the file /cms/collect/getPages, leading to server-side request forge...
CVE-2025-52455
Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...
CVE-2025-45939
Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function...
Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from Cisco (United States). The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...
Salesforce Tableau Security Vulnerability
Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the EPS Server module and could lead to...
Salesforce Tableau Security Vulnerability
Salesforce Tableau is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the Flow Data Source module and could...
Schneider Electric EcoStruxure IT Data Center Expert Server-Side Request Forgery Vulnerability
Schneider Electric EcoStruxure IT Data Center Expert is a scalable monitoring software from Schneider Electric (France) that collects, organizes, and distributes critical device information to provide a comprehensive view of devices. A server-side request forgery vulnerability exists in Schneider...
GHSA-9H3Q-32C7-R533 private-ip vulnerable to Server-Side Request Forgery
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code...
CVE-2025-54445
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery. This issue affects MagicINFO 9 Server: less than 21.1080.0...
WordPress plugin Featured Image Plus – Quick & Bulk Edit with Unsplash Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Featured Image Plu...
CVE-2025-34142
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external...
CVE-2025-54122 Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...