WordPress Broken Link Checker plugin < 2.4.2 - Admin+ SSRF vulnerability
Admin+ SSRF vulnerability discovered by Carlos Flores in WordPress Plugin Broken Link Checker versions < 2.4.2...
IBM i Code Issue Vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running in IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM i versions 7.3, 7.4, and 7.5 that stems from susceptibility to server-side request forgery (SSRF), which could allow an...
PT-2024-17769 · Arctic Security · Arctic Hub
Name of the Vulnerable Software and Affected Versions: Arctic Security's Arctic Hub versions 3.0.1764 through 5.6.1877 Description: A Server-Side Request Forgery issue exists in the URL Mapper of Arctic Security's Arctic Hub, allowing an unauthenticated remote attacker to exfiltrate and modify...
GHSA-6V67-2WR5-GVF4 QOS.CH logback-core Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files...
CVE-2024-49336
IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Stirling-PDF Security Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A security vulnerability exists in Stirling-PDF version 0.35.1, which stems from vulnerability to a server-side request forgery attack that allows an attacker to access...
PT-2024-36472 · Unknown · Stirling-Pdf
Name of the Vulnerable Software and Affected Versions: Stirling-PDF version 0.35.1 Description: A Server-Side Request Forgery (SSRF) issue in the endpoint "http://your-server/url-to-pdf" of Stirling-PDF allows attackers to access sensitive information via a crafted request. This enables attackers t...
logback Security Vulnerability
logback is a reliable, general-purpose, fast and flexible Java logging framework open-sourced by QOS.CH. A security vulnerability exists in logback version 1.5.12, which stems from SaxEventRecorder containing a server-side request forgery issue. An attacker can exploit this vulnerability to forge...
WordPress Broken Link Checker | Finder plugin <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery vulnerability
Authenticated (Author+) Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Broken Link Checker | Finder versions <= 2.5.0...
PT-2024-36475 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue is related to Server-Side Request Forgery (SSRF) in the backend plugin module. This allows an attacker to forge requests from the server, potentially leading to unauthorized access or...
GetSimple CMS Security Vulnerability
GetSimple CMS is an open-source content management system from GetSimple CMS. A security vulnerability exists in GetSimple CMS version 3.3.19, which stems from the back-end plugin module being vulnerable to a server-side request forgery attack...
PT-2024-36474 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS CE version 3.3.19 Description: The issue allows for Server-Side Request Forgery (SSRF) in the plug-in download address on the management page of the backend management system. This can be achieved within the GetSimple CMS CE...
WordPress plugin WP All Import Pro Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress WP All Import Pro plugin <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import vulnerability
Authenticated (Administrator+) Server-Side Request Forgery via File Import vulnerability discovered by Ivan Kuzymchak in WordPress Plugin WP All Import Pro versions <= 4.9.3...
WordPress plugin Hurrakify Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress Radio Player plugin <= 2.0.83 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Malvin Valerian Gultom (Patchstack Alliance) in WordPress Plugin Radio Player versions <= 2.0.83...
sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header
A flaw was found in Sinatra. This vulnerability allows an Open Redirect attack via the X-Forwarded-Host (XFH) header, potentially enabling Cache Poisoning or Server-Side Request Forgery (SSRF) when used in caching servers or reverse proxies...
WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Hurrakify versions <= 2.4...
SAP NetWeaver Administrator Code Issue Vulnerability
SAP NetWeaver Administrator (SAP NWA) is a Web-based framework tool for administration, configuration, and monitoring from SAP, Germany. A server-side request forgery vulnerability exists in SAP NetWeaver Administrator, which stems from the product's failure to properly validate user input, and can...
Vulnerabilities fixed in ABB ASPECT, NEXUS Series and MATRIX Series
ABB has fixed vulnerabilities in ABB ASPECT, NEXUS Series and MATRIX Series, specifically for versions up to 3.08.02. The vulnerabilities include unauthorized access to files on the Web server, which can lead to data leakage or unauthorized data manipulation. In addition, serious vulnerabilities...