7222 matches found
CVE-2024-5917
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...
Palo Alto Networks PAN-OS Code Issue Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A code issue vulnerability exists in Palo Alto Networks PAN-OS that stems from a server-side request forgery vulnerability that could allow an unauthenticated attacker to use the...
PT-2024-37239 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS affected versions not specified Description: A server-side request forgery in PAN-OS software enables an attacker to use the administrative web interface as a proxy, allowing them to view internal network resources not otherwise...
Adobe Commerce Security Vulnerability
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A security vulnerability exists in Adobe Commerce version 3.2.5 and prior versions, which stems from the inclusion of a server-side request forgery vulnerability that could lead to a security feature...
PT-2024-8162 · Sap · Sap Web Dispatcher
Name of the Vulnerable Software and Affected Versions: SAP Web Dispatcher versions prior to the November 2024 Patch Day Description: An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input da...
CVE-2024-50811
hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function, as \apps\tool\apis\bdpush.py does not securely filter user input through pushurls and geturls...
izone Security Vulnerability
izone is a Django-based blogging project by the individual developer of Hopetree. A security vulnerability exists in izone, which stems from the pushurls and geturls functions in apps\tool\apis\bdpush.py containing a server-side request forgery...
Northern.tech Mender Security Vulnerability
Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. It is suitable for connected devices of any size. A security vulnerability exists in Northern.tech Mender versions prior to 3.6.6 and 3.7.x prior to 3.7.7 that stems from the presence of a server-side...
PT-2024-16571 · WordPress · Code Embed
Name of the Vulnerable Software and Affected Versions: Code Embed plugin for WordPress versions up to 2.5 Description: The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery via the ce get file function. This makes it possible for authenticated attackers, with...
CVE-2024-48951
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass...
Logpoint Security Vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0, which stems from a server-side request forgery (SSRF) on SOAR that can be used to disclose Logpoint's API tokens, leading to authentication bypass...
PT-2024-33293 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0 Description: An issue in Logpoint allows Server-Side Request Forgery (SSRF) on SOAR, which can be used to leak Logpoint's API Token, leading to authentication bypass. Recommendations: For versions prior to 7.5.0...
VulnCheck KEV: CVE-2024-39713
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1...
SUSE CVE-2024-48052
In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...
Server-side Request Forgery (SSRF)
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL in the saveurltocache function. An attacker can access and download local resourc...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) because the IPv4 address is validated as safe but the request is then made to the unsafe IPv6 address when a domain resolves to a public IPv4 and a private IPv6. PoC php enablePinDns; $pluginClient = new...
CVE-2024-51665
Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor allows Server Side Request Forgery. This issue affects Magical Addons For Elementor: from n/a through 1.2.1...
PT-2024-34810 · Noor Alam · Magical Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Magical Addons For Elementor versions 1.2.1 and earlier Description: A Server-Side Request Forgery (SSRF) vulnerability is present in Noor Alam Magical Addons For Elementor, allowing Server Side Request Forgery. Recommendations: For versions...
WordPress plugin Magical Addons For Elementor Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Gradio Security Vulnerability
Gradio, an open source Python library from Gradio Open Source, is a way to demonstrate machine learning models through a friendly web interface. A security vulnerability exists in Gradio version 4.42.0, which stems from the gr.DownloadButton function containing a server-side request forgery...