7223 matches found
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform Web Services, versions 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker c...
CVE-2020-6282
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
Exploit for Open Redirect in Grafana
PoC exploit for CVE-2025-4123, an XSS and Full-Read SSRF vulnera...
CVE-2025-36560
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request...
appleple a-blog cms code issue vulnerability
appleple a-blog cms is a content management system from appleple, Inc. A code issue vulnerability exists in appleple a-blog cms, which stems from server-side request forgery and could lead to the acquisition of sensitive information...
Multiple vulnerabilities in a-blog cms
Overview: a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Path traversal (CWE-22), CVE-2025-27566: This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. Cross-site scripting (CWE-79)...
The vulnerability of the CommuniGate Pro mail server, which stems from insufficient validation of incoming requests, allows attackers to carry out SSRF attacks.
The vulnerability of the CommuniGate Pro mail server is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
CVE-2025-45887
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery SSRF in /api/file/getRemoteContent...
Microsoft Power Apps code issue vulnerability
Microsoft Power Apps is a low-code development platform from Microsoft Corporation USA designed to help users easily build customized enterprise applications. A code issue vulnerability exists in Microsoft Power Apps, which stems from vulnerability to server-side request forgery attacks that coul...
Microsoft Azure code issue vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Azure that stems from server-side request forgery and could lead to spoofing attacks...
CVE-2025-47635
Server-Side Request Forgery SSRF vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27...
CVE-2025-47548
Server-Side Request Forgery SSRF vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4...
WordPress plugin WP Pipes code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin Easy Replace Image code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Solace Extra code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
USN-7488-1 python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery SSRF attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
mrdoc security vulnerability
mrdoc is a Python-based online documentation system by the individual developer of zmister2016. A security vulnerability exists in mrdoc 0.9.5 and earlier versions, which stems from the validateurl function leading to server-side request forgery...
IBM Concert code issue vulnerability
IBM Concert is a new tool from International Business Machines IBM, Inc. that uses generative AI to help manage complex cloud-native applications. A code issue vulnerability exists in IBM Concert 1.0.5 and prior versions that stems from the presence of server-side request forgery, which could...
CVE-2024-13845
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'processfeed' method of the GFWebhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...
Sematell ReplyOne security vulnerability
Sematell ReplyOne is an artificial intelligence-based reply management software from Sematell. A security vulnerability exists in Sematell ReplyOne version 7.4.3.0 that stems from the presence of a server-side request forgery that could result in sending unauthorized requests...