7222 matches found
CVE-2024-13195
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initia...
bookstore security vulnerability
bookstore is an e-commerce bookstore system by individual developer donglight. A security vulnerability exists in bookstore version 1.0.0, which originates from the parameter url in the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java that can lead to a server-side request forgery attack...
WordPress plugin Greenshift security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Greenshift plugin <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Greenshift versions <= 9.0.0...
PT-2025-2053 · Unknown · Donglight Bookstore
Name of the Vulnerable Software and Affected Versions: donglight bookstore version 1.0.0. Description: A critical issue affects the getHtml function of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the url argument leads to server-side request forgery, allowing...
Intersec Geosafe-ea buffer error vulnerability
Intersec Geosafe-ea is an application from Intersec France. A security vulnerability exists in Intersec Geosafe-ea versions 2022.12, 2022.13, and 2022.14, which stems from the presence of an XML External Entity Injection vulnerability that could allow an attacker to perform an arbitrary file read...
PT-2025-3242 · Tips Tricks Hq · Compact Wp Audio Player
Name of the Vulnerable Software and Affected Versions: Tips and Tricks HQ Compact WP Audio Player versions 1.9.14 and earlier. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server...
PT-2025-1016 · Sonicwall · Sonicos
Name of the Vulnerable Software and Affected Versions: SonicOS (affected versions not specified). Description: A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logg...
I, Librarian code issue vulnerability
I, Librarian is a library management program by Martin Kucej, an individual developer. A security vulnerability exists in I, Librarian version 5.11.1 and earlier, which stems from improper input validation in classes/security/validation.php and is vulnerable to server-side request forgery attacks...
Mysiteforme code issue vulnerability
Mysiteforme is a permission management system by individual developer wangl1989. A code issue vulnerability exists in Mysiteforme version 1.0, which stems from the parameter content in the file src/main/java/com/mysiteform/admin/controller/system/FileController that can lead to server-side...
PT-2025-2025 · Unknown · Mysiteforme
Name of the Vulnerable Software and Affected Versions: wangl1989 mysiteforme version 1.0. Description: A critical issue affects the doContent function of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the content argument leads to server-side...
WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Compact WP Audio Player versions <= 1.9.14...
WordPress plugin Photo Gallery Slideshow & Masonry Tiled Gallery code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
CVE-2024-13029
A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack...
FastChat code issue vulnerability
FastChat is LMSYS Org's open platform for training, deploying, and evaluating chatbots based on large language models. A code issue vulnerability exists in FastChat that stems from a server-side request forgery vulnerability in the POST/workergeneratestream API endpoint that allows an...
PT-2024-17889 · Unknown · Antabot White-Jotter
Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter versions up to 0.2.2. Description: A problematic issue has been found in the Article Editor component, specifically in the /admin/content/editor file, affecting an unknown functionality. The manipulation of the articleCove...
Antabot White-Jotter code issue vulnerability
White-Jotter is a project with separated front end and back end, developed by individual developer Antabot using Vue+Spring Boot, with a full set of development tutorials. A code issue vulnerability exists in Antabot White-Jotter version 0.2.2 and earlier versions. An attacker can exploit this...
PT-2024-17886 · Unknown · Antabot White-Jotter
Name of the Vulnerable Software and Affected Versions: Antabot White-Jotter versions up to 0.2.2. Description: A problematic issue was found in the Edit Book Handler component, affecting an unknown function of the file /admin/content/book. This leads to server-side request forgery, which can be...
PT-2024-34397 · Unknown · Smart Agent
Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0. Description: A Server-Side Request Forgery (SSRF) issue allows a remote attacker to obtain sensitive information via a crafted script to the "/FB/getFbVideoSource.php" component. This enables the attacker to access...
WISI Tangram GT31 code issue vulnerability
WISI Tangram GT31 is a module for a high-density digital platform from WISI. A code issue vulnerability exists in WISI Tangram GT31 20241214 and prior versions that stems from a component HTTP request handler that can lead to server-side request forgery...