7222 matches found
The vulnerability of the Passwork password manager, related to insufficient validation of incoming requests, allows attackers to execute SSRF attacks.
The vulnerability of the Passwork password manager is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute an SSRF attack using specially crafted HTTP requests...
SonicWALL SMA1000 code issue vulnerability
SonicWALL SMA1000 is a family of secure mobile access solutions from SonicWALL, Inc. that simplifies end-to-end secure remote access to enterprise resources hosted across local, cloud and hybrid data centers. A code issue vulnerability exists in SonicWALL SMA1000 12.4.3-02676 and prior versions, which...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to v0.23.0, which stems from the use of wildcards to support the retrieval of an image from any hostname, which could allow an attacker to induce server-side...
Server-side Request Forgery (SSRF)
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the asyncsaveurltocache function in the /queue/join endpoint. An attacker can send HTTP requests to...
Server-side Request Forgery (SSRF)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper input sanitization, allowing its exploitation via injection of arbitrary URLs. An attacker can read arbitrary files on the...
Adobe Commerce code issue vulnerability
Adobe Commerce is a digital commerce solution from the US company Adobe, a global leader in digital commerce for businesses and brands. Adobe Commerce suffers from a server-side request forgery vulnerability that can be exploited by an attacker to cause arbitrary file system reads...
CVE-2024-47008
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information...
Ada.cx security vulnerability
Ada.cx is a SaaS platform from Ada.cx, Inc. Ada.cx has a security vulnerability that stems from a data capture endpoint that allows blind server-side request forgery...
PT-2024-39615 · Ada.Cx · Ada.Cx
Name of the Vulnerable Software and Affected Versions: Ada.cx (affected versions not specified). Description: The issue concerns a blind server-side request forgery (SSRF) vulnerability in Ada.cx's Sentry configuration. This vulnerability is exploited through a data scraping endpoint, allowing for SSR...
httpd: SSRF in Apache HTTP Server on Windows
A flaw was found in httpd on Windows systems. This issue potentially allows NTLM hashes to be leaked to a malicious server via server-side request forgery (SSRF) and malicious requests or content...
PT-2024-30853 · Unknown · Firsh Justified Image Grid
Name of the Vulnerable Software and Affected Versions: Firsh Justified Image Grid versions through 4.6.1. Description: A Server-Side Request Forgery (SSRF) issue affects Firsh Justified Image Grid. Recommendations: For versions through 4.6.1, consider...
apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
A server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...
VulnCheck KEV: CVE-2017-0929
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...
VulnCheck KEV: CVE-2015-8813
The PageLoad function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter...
PT-2024-32318 · Unknown · Referencevalidator +1
Name of the Vulnerable Software and Affected Versions: referencevalidator versions prior to 2.5.1. Description: The profile location routine in the referencevalidator commons package is vulnerable to an XML External Entities attack due to insecure defaults of the Woodstox WstxInputFactory it uses. A...
File Handling and Storage Helper security vulnerability
File Handling and Storage Helper is a file handling and storage helper from the individual developer Conrad Carpenter. A security vulnerability exists in File Handling and Storage Helper versions prior to 1.5.0 and 2.x prior to 2.3.0, which stems from a failure to properly validate URLs within...
GHSA-G26J-5385-HHW3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...
LiteLLM code issue vulnerability
LiteLLM is an open source application from LiteLLM. All LLM APIs can be called using the OpenAI format. A code issue vulnerability exists in LiteLLM version 1.38.10, which stems from vulnerability to a server-side request forgery attack, where a user can specify parameters when sending a request,...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...