7222 matches found
PT-2024-28573 · Edubin · Edubin
Name of the Vulnerable Software and Affected Versions: Edubin versions 9.2.0 and earlier. Description: The issue is a Server Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, which could lead to various security...
CVE-2024-6980
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...
YouDianCMS code issue vulnerability
YouDianCMS (YouDian CMS) is a website builder from the Chinese company YouDian. A code issue vulnerability exists in YouDianCMS version 7, which stems from the parameter url in the file curlexec /App/Core/Extend/Function/ydLib.php that can lead to server-side request forgery...
PT-2024-29352 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3. Description: A Server-Side Request Forgery (SSRF) issue in the Plugins Page allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
WonderCMS security vulnerability
WonderCMS is a PHP-based open source content management system (CMS) from WonderCMS. A server-side request forgery vulnerability exists in WonderCMS version 3.4.3, which stems from a failure to properly validate user input in the Plugins Page, and can be exploited by an attacker to force the...
The vulnerability in the GLPI system for handling requests and incidents, related to the possibility of server-side request forgery, allows an attacker to redirect users to an arbitrary URL.
The vulnerability in the GLPI system for handling requests and incidents is related to the possibility of forged requests on the server side. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL...
CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room...
PT-2024-29274 · Pypi · Streamlit-Geospatial
Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue allows for blind server-side request forgery due to the url variable taking user input, which is then used by the get wms layer meth...
PT-2024-29276
Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489. Description: The issue arises from the url variable in the pages/9 🔲 Vector Data Visualization.py file, which takes user input. This input is then passed to...
streamlit-geospatial code issue vulnerability
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/7? The url variable in WebMapService.py accepts user input that is passed to the getlayers...
streamlit-geospatial code issue vulnerability
streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from pages/9? The url variable in VectorDataVisualization.py accepts user input, which is then passed...
CVE-2024-41664 Blind SSRF via Canarytoken Webhook
Canarytokens help track activity and actions on a network. Prior to sha-8ea5315, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytok...
httpd: Potential SSRF in mod_rewrite
A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module...
cBioPortal security vulnerability
cBioPortal is an open source application from cBioPortal. It is used to provide visualization, analysis, and download of large-scale cancer genomics datasets. A security vulnerability exists in cBioPortal that originates when running a publicly available proxy endpoint without authentication...
WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin AI Engine versions <= 2.4.7...
CVE-2024-37942
Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP. This issue affects BerqWP: from n/a through 1.7.5...
PT-2024-27847 · Berqwp · Berqwp
Name of the Vulnerable Software and Affected Versions: BerqWP versions 1.7.5 and earlier. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to various malicious outcomes...
PT-2024-28169 · Unknown · Bernhard Kux Json Content Importer
Name of the Vulnerable Software and Affected Versions: Bernhard Kux JSON Content Importer versions 1.5.6 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to forge requests from the server, potentially leading to unauthorized access to...
The vulnerability in the web client of IBM Datacap software for document collection and processing allows a hacker to perform an SSRF attack due to insufficient validation of incoming requests.
The vulnerability in the web-based client of IBM Datacap software for document collection and processing involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
PT-2024-28199 · Wapppress · Wapppress
Name of the Vulnerable Software and Affected Versions: WappPress versions through 6.0.4. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker could potentially force the server to make unintended requests, leading to various security issues...