CVE-2024-30150
HCL MyCloud is affected by Improper Access Control: an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks from unauthenticated users...
CVE-2024-13695
The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachmentid' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
VulnCheck KEV: CVE-2024-38514
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance (MKCOL, PUT and...
WordPress plugin Enfold Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
USN-7280-1 python3.10, python3.12, python3.8 vulnerability
It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...
WordPress Embed Any Document plugin <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode vulnerability
Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode vulnerability discovered by theviper17y in WordPress Plugin Embed Any Document versions <= 2.7.5...
Pigeon Code Issue Vulnerability
Pigeon is a lightweight message board/notepad/social system/blog by the individual developer Akkariin Meiko. A code issue vulnerability exists in Pigeon version 1.0.177, which stems from the parameter url in the file /pigeon/imgproxy/index.php, which can lead to server-side request forgery...
Vulnerabilities fixed in SonicWall SonicOS
SonicWall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN (CVE-2024-40762), allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...
WordPress plugin ProfileGrid Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress ProfileGrid plugin <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Limited Server-Side Request Forgery vulnerability discovered by Tim Coen in WordPress Plugin ProfileGrid versions <= 5.9.4.2...
CVE-2024-13879
The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
WordPress Responsive Plus plugin <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request vulnerability
Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request vulnerability discovered by Francesco Carlucci in WordPress Plugin Responsive Plus versions <= 3.1.4...
PT-2025-6920 · Unknown · Filemegane
Name of the Vulnerable Software and Affected Versions: FileMegane versions 3.0.0.0 through 3.4.0.0. Description: The issue exists due to a Server-Side Request Forgery (SSRF) vulnerability. This could allow executing arbitrary backend Web API requests, potentially leading to rebooting the services...
PT-2025-6619 · WordPress · Stream
Name of the Vulnerable Software and Affected Versions: The Stream plugin for WordPress, versions up to, and including, 4.0.2. Description: The issue is related to Server-Side Request Forgery due to insufficient validation on the webhook feature. This allows authenticated attackers with...
CVE-2024-13834
The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attacker...
WordPress Stream plugin <= 4.0.2 - Authenticated (Admin+) Server-Side Request Forgery vulnerability
Authenticated (Admin+) Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Stream versions <= 4.0.2...
Server-side Request Forgery (SSRF)
Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the s3endpoint parameter due to improper input validation. An attacker can make the application send HTTP requests to arbitrary internal services by...
SUSE CVE-2024-12801
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML...
SUSE CVE-2024-40898
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows potentially leaking NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue...
PT-2025-7076 · Unknown · Label Studio
Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.16.0. Description: Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application...