7222 matches found
Refit injection vulnerability
Refit is an open-source library from the ReactiveUI project. Refit suffers from an injection vulnerability that stems from failing to check for CRLF characters in the header value, making it vulnerable to server-side request forgery attacks...
WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Magical Addons For Elementor versions <= 1.2.1...
Server-side Request Forgery (SSRF)
Overview: fastagency is "The fastest way to bring multi-agent workflows to production". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the OAuth2PasswordBearer class's gettoken method, where the tokenurl is constructed from unvalidated OpenAPI schema...
Qualitor security vulnerability
Qualitor is a managed service process and centralized service platform from Qualitor, Inc. A security vulnerability exists in Qualitor version v8.24, which originates from the component /request/viewValidacao.php and is vulnerable to server-side request forgery attacks...
CVE-2024-48346
xtreme1 <= v0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
PT-2024-33086 · Xtreme1 · Xtreme1
Name of the Vulnerable Software and Affected Versions: xtreme1 versions prior to 0.9.2. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It is triggered through the fileUrl parameter in the "/api/data/upload" API endpoint, allowing an attacker to make arbitrar...
ELADMIN security vulnerability
ELADMIN is a backend management system by the individual developer elunez. A security vulnerability exists in ELADMIN v2.7 and earlier versions, which stems from a server-side request forgery in the HTTP Body ip parameter...
Xtreme1 security vulnerability
Xtreme1 is an all-in-one open source platform for multimodal training data, open-sourced by Xtreme1. A security vulnerability exists in Xtreme1 v0.9.1 and earlier versions that stems from a server-side request forgery flaw that allows an attacker to make arbitrary requests to...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attackers to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CVE-2024-48178
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter...
newbee-mall security vulnerability
newbee-mall is an e-commerce system. A security vulnerability exists in newbee-mall v1.0.0, which originates from a server-side request forgery (SSRF) vulnerability via the goodsCoverImg parameter...
PT-2024-33012 · Unknown · Newbee-Mall
Name of the Vulnerable Software and Affected Versions: newbee-mall version 1.0.0. Description: The issue allows for Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. Recommendations: For version 1.0.0, avoid using the goodsCoverImg parameter until the issue is resolved...
mipjz security vulnerability
mipjz is a content management system based on Baidu Mobile Accelerator (MIP), developed by the individual developer sansanyun. A security vulnerability exists in mipjz version 5.0.5, which stems from the postAddress parameter of the push method in app agcontrollerApiAdminTag.php not being handled...
CVE-2024-20274
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due ...
Cisco Secure Firewall Management Center security vulnerability
Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. Cisco Secure Firewall Management Center suffers from a server-side request forgery vulnerability that stems from improper validation of user-supplied data. An attacker could use this vulnerability t...
WordPress plugin Edwiser Bridge code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Mapplic and Mapplic Lite code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Edwiser Bridge versions <= 3.0.7...
libuv: Improper Domain Lookup that potentially leads to SSRF attacks
A server-side request forgery (SSRF) flaw was found in the libuv package due to how the hostname_ascii variable is handled in uv_getaddrinfo and uv__idna_toascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...
UBUNTU-CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browser...