Lucene search

7222 matches found

SUSE CVE
added 2024/08/20 2:20 a.m. · 2 views

SUSE CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...

CVSS 7.4 · AI score 9.6 · EPSS 0.01414
Exploits: 1 · References: 4
CNNVD
added 2024/08/17 12:0 a.m. · 2 views

WordPress plugin Skitter Slideshow security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 6.8 · EPSS 0.00395
Exploits: 0 · References: 4
RedHat Linux
added 2024/08/15 8:11 p.m. · 4 views

cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings, including the default databinding, are not impacted...

CVSS 9.3 · AI score 5.8 · EPSS 0.05849
Exploits: 0 · References: 6
Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-19282 · Terminalfour · Terminalfour

Name of the Vulnerable Software and Affected Versions: Terminalfour versions 8.0.0001 through 8.3.18 XML JDBC versions up to 1.0.4 Description: The issue allows authenticated users to submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote cod...

CVSS 8.8 · AI score 7.5 · EPSS 0.00723
Exploits: 0 · References: 6
CNNVD
added 2024/08/15 12:0 a.m. · 2 views

Terminalfour security vulnerability

Terminalfour is a digital marketing and web content management platform for higher education from US-based Terminalfour, Inc. A security vulnerability exists in versions of Terminalfour prior to 8.3.19 that stems from the presence of a server-side request forgery vulnerability that allows...

CVSS 6.5 · AI score 6.3 · EPSS 0.0034
Exploits: 0 · References: 3
Positive Technologies
added 2024/08/14 12:0 a.m. · 5 views

PT-2024-5990

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.16 Description: The issue is related to Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This vulnerability may allow a remote...

CVSS 10 · AI score 7 · EPSS 0.93334
Exploits: 0 · References: 27
OSV
added 2024/08/13 9:15 p.m. · 1 view

CVE-2024-7743

A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...

CVSS 9.8 · AI score 5.4 · EPSS 0.00824
Exploits: 1 · References: 4
OSV
added 2024/08/13 8:15 p.m. · 2 views

CVE-2024-7740

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...

CVSS 9.8 · AI score 5.5 · EPSS 0.0078
Exploits: 1 · References: 4
RedHat Linux
added 2024/08/13 1:18 p.m. · 4 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module...

CVSS 7.5 · AI score 7 · EPSS 0.35447
Exploits: 0 · References: 5
RedHat Linux
added 2024/08/13 1:18 p.m. · 3 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
RedHat Linux
added 2024/08/13 1:6 p.m. · 3 views

httpd: Potential SSRF in mod_rewrite

A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module...

CVSS 7.5 · AI score 7 · EPSS 0.35447
Exploits: 0 · References: 5
RedHat Linux
added 2024/08/13 1:6 p.m. · 4 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
Positive Technologies
added 2024/08/13 12:0 a.m. · 6 views

PT-2024-38550 · Wanglongcn · Ltcms

Name of the Vulnerable Software and Affected Versions: wanglongcn ltcms version 1.0.20 Description: A critical issue has been found, affecting the multiDownload function of the /api/file/multiDownload API Endpoint. The manipulation of the file argument leads to server-side request forgery, allowi...

CVSS 9.8 · AI score 7.4 · EPSS 0.00824
Exploits: 1 · References: 9
Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-5743

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Health Bot affected versions not specified Description: The issue is related to insufficient validation of incoming requests in Microsoft Azure Health Bot, which can be exploited by an authenticated attacker to elevate privilege...

CVSS 9.4 · AI score 6 · EPSS 0.01833
Exploits: 0 · References: 15
CNNVD
added 2024/08/13 12:0 a.m. · 2 views

Wanglong LTcms code issue vulnerability

Wanglong LTcms is an enterprise website builder from China's Wanglong company. A code issue vulnerability exists in Wanglong LTcms version 1.0.20, which stems from an incorrect operation of the parameter file that can lead to server-side request forgery...

CVSS 9.8 · AI score 7.5 · EPSS 0.00824
Exploits: 1 · References: 5
CNNVD
added 2024/08/13 12:0 a.m. · 2 views

Wanglong LTcms code issue vulnerability

Wanglong LTcms is an enterprise website builder from China's Wanglong company. A code issue vulnerability exists in Wanglong LTcms version 1.0.20, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...

CVSS 9.8 · AI score 7.5 · EPSS 0.0078
Exploits: 1 · References: 5
OSV
added 2024/08/12 3:30 p.m. · 7 views

GHSA-8HC4-VH64-CXMJ Server-Side Request Forgery in axios

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...

CVSS 7.5 · AI score 6.8 · EPSS 0.01414
Exploits: 1 · References: 9
OSV
added 2024/08/12 1:38 p.m. · 1 view

DEBIAN-CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...

CVSS 7.5 · AI score 6.2 · EPSS 0.01414
Exploits: 1 · References: 1
RedHat Linux
added 2024/08/12 2:39 a.m. · 7 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits: 0 · References: 5
CNNVD
added 2024/08/12 12:0 a.m. · 2 views

Axios security vulnerability

Axios is an HTTP client based on Promise (a solution for asynchronous programming) from the Axios open source project. Axios version 1.7.2 has a security vulnerability that stems from vulnerability to a server-side request forgery attack, where a request for a path-relative URL is processed as a...

CVSS 7.5 · AI score 7 · EPSS 0.01414
Exploits: 1 · References: 5