Lucene search

7222 matches found

ATTACKERKB
added 2024/09/10 2:15 p.m. · 1 views

CVE-2023-37230

Loftware Spectrum testDeviceConnection before 5.1 allows SSRF...

8.8 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits: 0 · References: 3

OSV
added 2024/09/10 2:15 p.m. · 3 views

CVE-2023-37229

Loftware Spectrum before 5.1 allows SSRF...

8.8 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/09/10 12:0 a.m. · 3 views

Loftware Spectrum security vulnerability

Loftware Spectrum is an enterprise label printing solution from Loftware, a comprehensive, cloud-based label printing platform for companies of all sizes. A security vulnerability exists in Loftware Spectrum prior to version 5.1 that stems from the inclusion of a server-side request forgery...

8.8 CVSS · 6.7 AI score · 0.00349 EPSS
Exploits: 0 · References: 3

CNNVD
added 2024/09/10 12:0 a.m. · 2 views

ELADMIN security vulnerability

ELADMIN is a backend management system for elunez Personal Developer. A security vulnerability exists in ELADMIN v2.7 and earlier versions, which stems from vulnerability to a server-side request forgery (SSRF) attack that allows an attacker to execute arbitrary code via the DatabaseController.java...

9.8 CVSS · 7.4 AI score · 0.00497 EPSS
Exploits: 2 · References: 4

Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-13441 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

8.7 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-13439 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

8.7 AI score
Exploits: 0 · References: 1

OSV
added 2024/09/09 4:15 p.m. · 2 views

CVE-2024-44721

SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at /adminreslib.php...

9.8 CVSS · 5.8 AI score · 0.00611 EPSS
Exploits: 1 · References: 1

RedHat Linux
added 2024/09/09 1:48 a.m. · 5 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.41611 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/09/09 1:33 a.m. · 3 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.41611 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/09/09 12:0 a.m. · 6 views

SeaCMS security vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 13.1 that stems from a server-side request forgery (SSRF) vulnerability in the url...

9.8 CVSS · 6.9 AI score · 0.00611 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/09/07 12:0 a.m. · 2 views

Veeam Backup & Replication security vulnerability

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.1.2.172 and prior versions 12, which stems from the inclusion of a server request forgery vulnerability that allows a low-privileged user to...

8.8 CVSS · 8.6 AI score · 0.00456 EPSS
Exploits: 0 · References: 2

PyPA
added 2024/09/05 5:15 p.m. · 4 views

PYSEC-2024-74

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...

9.3 CVSS · 6.8 AI score · 0.04936 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/09/04 4:15 p.m. · 4 views

DRUPAL-CONTRIB-2024-037

Open Social is a Drupal distribution for online communities, which ships with an optional module called Social Embed. This module allows a website to display embedded content such as photos or videos when a user posts a link to that resource, without having to parse the resource directly. Added...

5.4 CVSS · 6.4 AI score · 0.0021 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2024/09/03 1:55 a.m. · 5 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.41611 EPSS
Exploits: 0 · References: 5

CNNVD
added 2024/08/30 12:0 a.m. · 3 views

Lightdash security vulnerability

Lightdash is a visual data analysis tool from Lightdash open source. A security vulnerability exists in Lightdash version 0.1024.6, which stems from a server-side request forgery (SSRF) issue that could allow a threat actor to obtain a user's session token when the user exports a dashboard th...

7.3 CVSS · 6.6 AI score · 0.01786 EPSS
Exploits: 0 · References: 8

RedHat Linux
added 2024/08/26 8:9 a.m. · 4 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

9.8 CVSS · 7.1 AI score · 0.41611 EPSS
Exploits: 0 · References: 5

BDU FSTEC
added 2024/08/23 12:0 a.m. · 3 views

The vulnerability of the graphical tool for creating and supporting artificial intelligence – Microsoft Copilot Studio – arises from insufficiently checking incoming requests, allowing a hacker to execute an SSRF attack.

The vulnerability of the graphical tool for creating and supporting artificial intelligence, Microsoft Copilot Studio, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...

8.5 CVSS · 5.7 AI score · 0.12341 EPSS
Exploits: 0 · References: 2

Ubuntu
added 2024/08/22 3:18 p.m. · 56 views

USN-6978-1: XStream vulnerabilities

It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. (CVE-2016-3674) Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run...

9.9 CVSS · 7 AI score · 0.85001 EPSS
Exploits: 21

Tenable Nessus
added 2024/08/22 12:0 a.m. · 62 views

Ubuntu 14.04 LTS / 16.04 LTS : XStream vulnerabilities (USN-6978-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6978-1 advisory. It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue ...

9.9 CVSS · 7.4 AI score · 0.85001 EPSS
Exploits: 21 · References: 16

Positive Technologies
added 2024/08/21 12:0 a.m. · 5 views

PT-2024-30535 · Ckan +3 · Ckan +5

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.5; CKAN versions prior to 2.11.0. Description: CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy,...

6.8 CVSS · 6.8 AI score · 0.00345 EPSS
Exploits: 0 · References: 12