USN-7218-1 python3.10, python3.8 vulnerability
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack...
CVE-2025-0584
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...
aEnrich a+HRD code issue vulnerability
aEnrich a+HRD is a full-service human resources development solution from Acer aEnrich China. A code issue vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which stems from the presence of a server-side request forgery vulnerability that allows an attacker to probe the internal netwo...
PT-2025-3975 · Aenrich Technology · A+Hrd
Name of the Vulnerable Software and Affected Versions: a+HRD from aEnrich Technology affected versions not specified Description: The issue is a Server-side Request Forgery, which allows unauthenticated remote attackers to exploit it and probe the internal network. Recommendations: At the moment,...
CVE-2024-57252
OtCMS =V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can read system files arbitrarily...
PT-2025-3422 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OtCMS versions =7.46 Description: The issue allows for Server-Side Request Forgery (SSRF) in the "/admin/read.php" API endpoint, enabling arbitrary system file reads. Recommendations: For OtCMS versions =7.46, as a temporary workaround, conside...
OTCMS code issue vulnerability
OTCMS is a content management system (CMS) for article-based websites from OTCMS. A code issue vulnerability exists in OTCMS version 7.46 and prior versions, which stems from /admin/read.php containing a server-side request forgery issue...
matrix-media-repo code issue vulnerability
matrix-media-repo is a highly configurable multi-domain media repository for Matrix open source by t2bot.io. A code issue vulnerability exists in matrix-media-repo versions prior to v1.3.8 that stems from vulnerability to a server-side request forgery attack that, under certain conditions, serves...
gomatrixserverlib code issue vulnerability
gomatrixserverlib is a Go library from the Matrix Foundation. It is used for common functions required by Matrix servers. A code issue vulnerability exists in Gomatrixserverlib that stems from vulnerability to server-side request forgery attacks...
PT-2025-2933 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo (MMR) versions prior to 1.3.8 Description: Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This issue allows MMR to serve...
PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1
Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...
CVE-2024-57767
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download...
PT-2025-4460 · Learndash · Faizaan Gagan Course Migration For Learndash
Name of the Vulnerable Software and Affected Versions: Faizaan Gagan Course Migration for LearnDash versions 1.0.2 through n/a Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, which allows for Server Side Request Forgery. This means an attacker can potentiall...
PT-2025-34632
Name of the Vulnerable Software and Affected Versions: PhpOffice/PhpSpreadsheet versions prior to 1.30.0; PhpOffice/PhpSpreadsheet versions prior to 2.1.12; PhpOffice/PhpSpreadsheet versions prior to 2.4.0; PhpOffice/PhpSpreadsheet versions prior to 3.10.0; PhpOffice/PhpSpreadsheet versions prior to...
WUZHI CMS code issue vulnerability
WUZHI CMS is a PHP and MySQL based open source content management system (CMS) from WUZHI. A code issue vulnerability exists in WUZHI CMS version 4.1.0, which stems from the parameter sphinxhost/sphinxport being susceptible to server-side request forgery attacks...
Mysiteforme security vulnerability
Mysiteforme is a permissions management system for wangl1989 individual developers. A security vulnerability exists in Mysiteforme versions prior to 2025.01.01, which stems from a server-side request forgery vulnerability in the component /file/download...
Stripo Inc: [my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier
A critical Blind SSRF (Server-Side Request Forgery) vulnerability was identified in the export service of the Stripo app. The vulnerability existed in the endpoint /exportservice/v3/exports/WEBHOOK/accounts, where malicious input could be provided in the webhookUrl parameter, triggering SSRF and...
Veeam Backup code issue vulnerability
Veeam Backup is a backup software from Veeam USA. A code issue vulnerability exists in Veeam Backup versions prior to 7.1.0.59 that stems from vulnerability to server-side request forgery (SSRF) attacks, which could allow an unauthenticated attacker to send unauthorized requests from the system...
The vulnerability of the SSH configuration function on SonicOS operating systems allows a hacker to perform an SSRF attack.
The vulnerability of the SSH configuration function in SonicOS operating systems is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a server-side forgery attack,
Summary: IBM WebSphere Application Server is used by IBM Workload Automation (CVE-2024-22354). Vulnerability Details: CVEID: CVE-2024-22354. DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...