7222 matches found
CVE-2024-6784
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
VulnCheck KEV: CVE-2022-45835
Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
ABB ASPECT Security Vulnerability
ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT has a security vulnerability that stems from the inclusion of a server-side request forgery vulnerability...
python: Improper validation of IPv6 and IPvFuture addresses
A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is...
QNAP Notes Station 3 Server-Side Request Forgery Vulnerability
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. A server-side request forgery vulnerability exists in QNAP Notes Station 3. The vulnerability stems from th...
Server-side Request Forgery (SSRF)
Overview: mobsf is a Mobile Security Framework (MobSF), an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...
Mobile Security Framework Security Vulnerability
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
WordPress Asset CleanUp: Page Speed Booster plugin <=1.3.9.8 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Zaidan Rizaki (Patchstack Alliance) in WordPress Plugin Asset CleanUp: Page Speed Booster versions <= 1.3.9.8...
Lobe Chat Code Issue Vulnerability
Lobe Chat is an open source, high-performance chatbot framework open-sourced by LobeHub. A code issue vulnerability exists in Lobe Chat versions prior to 1.19.13, which stems from vulnerability to server-side request forgery attacks that could allow an attacker to launch an attack without logging...
The vulnerability of the Butterfly web application development tool lies in the improper restriction of a pathname to a restricted directory, which allows a hacker to perform an SSRF attack.
The vulnerability of the Butterfly web application development tool is related to an incorrect limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
CVE-2024-38645
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...
PT-2024-17139 · Ipc · Ipc Unigy Management System
Name of the Vulnerable Software and Affected Versions: IPC Unigy Management System version 04.03.00.08.0027. Description: A critical issue was found in the HTTP Request Handler component, which can lead to server-side request forgery. This issue can be exploited remotely. The exploit has been...
IPC Unigy Management System Security Vulnerability
IPC Unigy Management System is an integrated trading platform from IPC Inc. It is used to monitor, manage and maintain the trading communications infrastructure. A security vulnerability exists in IPC Unigy Management System version 04.03.00.08.0027. An attacker could exploit this vulnerability t...
The vulnerability of the HttpURI class in Eclipse Jetty’s server container allows an attacker to perform an SSRF attack.
The vulnerability of the HttpURI class in Eclipse Jetty’s server container is related to improper syntax validation during input processing. Exploiting this vulnerability allows an attacker to perform an SSRF attack remotely...
The vulnerability of the Apache OFBiz resource planning software lies in improper code generation management, which allows attackers to execute SSRF attacks.
The vulnerability of Apache OFBiz’s resource planning software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
Red Hat OpenShift Console Code Issue Vulnerability
Red Hat OpenShift Console is an OpenShift console from Red Hat USA. A code issue vulnerability exists in Red Hat OpenShift Console, which stems from the vulnerability of the component openshift4/ose-console to a server-side request forgery attack, which allows an authenticated user to make the...
PT-2024-40094 · Vm2 +1 · Vm2 +1
Name of the Vulnerable Software and Affected Versions: Flowise (affected versions not specified). Description: The issue allows developers to inject configuration into the Chainflow during execution through the overrideConfig option, which is supported in both the frontend web integration and the...
PT-2024-8600 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.17. Description: The issue is related to Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This vulnerability may allow a remote...
DEBIAN-CVE-2021-3902
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
Dompdf Code Issue Vulnerability
Dompdf is an open source HTML to PDF converter. A code issue vulnerability exists in Dompdf versions prior to 2.0.0, which stems from the presence of an improper restriction of the External Entity (XXE) vulnerability, which could lead to server-side request forgery (SSRF) and deserialization...