Vulnerabilities fixed in Apache HTTP Server
Two vulnerabilities have been fixed in Apache HTTP Server 2.4. The first vulnerability, CVE-2024-40725, can lead to source code leakage when files are accessed indirectly. The second vulnerability, CVE-2024-40898, involves a Server-Side Request Forgery (SSRF) that can be abused by a malicious person to...
PT-2024-18941
Name of the Vulnerable Software and Affected Versions: github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0; github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0; github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0 Description: Th...
Apache HTTP Server Code Issue Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation (United States). The server is fast, reliable and can be extended through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
PT-2024-24331 · Apache · Apache Streampipes
Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0 Description: A Server-Side Request Forgery (SSRF) issue exists in Apache StreamPipes during the installation process of pipeline elements. The software allowed users to configure custom endpoints for...
PT-2024-12282 · Unknown · Fluid Topics
Name of the Vulnerable Software and Affected Versions: Fluid Topics versions prior to 4.3 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, where an authenticated user can force the server to make arbitrary requests to internal and external resources...
CVE-2024-39739
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008...
PublicCMS Code Issues Vulnerabilities
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS (China). A code issue vulnerability exists in PublicCMS version v4.0.202302.e, which stems from vulnerability to server-side request forgery attacks...
PT-2024-28908 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue is related to a Server-Side Request Forgery (SSRF) that can be exploited via the component /admin/ueditor?action=catchimage. This allows an attacker to forge requests from the server...
PublicCMS Code Issues Vulnerabilities
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS (China). A code issue vulnerability exists in PublicCMS version v4.0.202302.e, which stems from vulnerability to server-side request forgery attacks...
WordPress MakeStories (for Google Web Stories) plugin <= 3.0.3 - Arbitrary File Download and SSRF vulnerability
Arbitrary File Download and SSRF vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MakeStories (for Google Web Stories) (versions <= 3.0.3)...
WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Seraphinite Post .DOCX Source (versions <= 2.16.9)...
WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin JSON Content Importer (versions <= 1.5.6)...
CVE-2024-37171
SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...
CVE-2024-31897
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the...
PT-2024-9896 · Sap · Sap Transportation Management
Name of the Vulnerable Software and Affected Versions: SAP Transportation Management Collaboration Portal (affected versions not specified) Description: The issue allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application, triggering the...
PT-2024-24272 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 23.0.2 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
WordPress plugin WP Scraper code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2024-27425 · Foxiz · Foxiz
Name of the Vulnerable Software and Affected Versions: Foxiz versions 2.3.5 and earlier Description: A Server-Side Request Forgery (SSRF) vulnerability has been identified in Theme-Ruby Foxiz. This issue allows for unauthorized access to internal resources, potentially leading to sensitive data...
PT-2024-27376 · WordPress · Wp Scraper
Name of the Vulnerable Software and Affected Versions: WP Scraper versions 5.7 and earlier Description: A Server-Side Request Forgery (SSRF) issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources...
Personal Management System security breach
Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.64, which stems from the presence of a server-side request forgery (SSRF) vulnerability that causes the server to make...