PT-2024-28626 · Fedify · Fedify
Name of the Vulnerable Software and Affected Versions: Fedify versions prior to 0.9.2, 0.10.1, or 0.11.1 Description: The issue is related to a Server Side Request Forgery (SSRF) attack. When Fedify needs to retrieve an object or activity from a remote ActivityPub server, it makes an HTTP request to the...
PT-2024-22859 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.64 Description: The Volmarg Personal Management System is vulnerable to Server Side Request Forgery (SSRF) via uploading an SVG file. This allows the server to make unintended HTTP and DNS requests ...
libuv: Improper Domain Lookup that potentially leads to SSRF attacks
A server-side request forgery (SSRF) flaw was found in the libuv package due to how the hostname_ascii variable is handled in uv_getaddrinfo and uv__idna_toascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...
Vulnerabilities fixed in Apache HTTP Server
The Apache Software Foundation has fixed vulnerabilities in the Apache HTTP Server. A malicious party can exploit the vulnerabilities to cause a denial of service, manipulate traffic via Server-Side Request Forgery (SSRF), or execute code within the web server, which the malicious party is not initiall...
MESbook security vulnerability
MESbook is a web-based system from MESbook Inc. that connects to factory machines and converts data into information for real-time management. MESbook has a server-side request forgery vulnerability that can be exploited by an attacker to read the source code of a web file, read internal files or acce...
CVE-2023-50952
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774...
Apache Santuario Security Vulnerability
Apache Santuario is a set of major security standards for XML, implemented by the Apache Software Foundation. It contains two libraries: Apache XML Security for Java and Apache XML Security for C++. A security vulnerability exists in Apache Santuario that stems from protection against...
CVE-2024-5014
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form...
PT-2024-33971 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: A Server Side Request Forgery (SSRF) issue exists in the GetASPReport feature, allowing any authenticated user to retrieve ASP reports from an HTML form. Recommendations: For versions prior to...
UBUNTU-CVE-2023-45195
Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4...
PT-2024-27967
Name of the Vulnerable Software and Affected Versions: cyclonedx-core-java versions prior to 9.0.4 Description: The CycloneDX core module provides a model representation of SBOMs and utilities for creating, validating, and parsing them. Before deserializing CycloneDX Bill of Materials in XML format...
The vulnerability of Apache CXF web services arises from insufficient validation of user input data, allowing attackers to execute SSRF attacks.
The vulnerability of Apache CXF web services arises due to insufficient validation of data entered by users through Aegis DataBinding. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...
CVE-2024-5746
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...
WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin WP Scraper versions <= 5.7...
WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin BlossomThemes Email Newsletter versions <= 2.2.6...
PT-2024-27764 · Strapi · Strapi
Name of the Vulnerable Software and Affected Versions: Strapi version 4.24.4 Description: The issue allows attackers to scan for open ports or access sensitive information via a crafted GET request to the "/strapi.io/ next/image" component. This is a Server-Side Request Forgery (SSRF) vulnerability...
PT-2024-15054 · WordPress · The Popup Builder
Name of the Vulnerable Software and Affected Versions: The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress versions up to, and including, 4.3.1 Description: The issue arises from a missing capability check on several functions, allowing unauthorize...
WordPress ElementsKit Pro plugin <= 3.6.2 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin ElementsKit Pro versions <= 3.6.2...
The vulnerability of the webhook component of the Grafana OnCall notification system allows a hacker to perform an SSRF attack.
The vulnerability of the webhook component in the Grafana OnCall notification system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM. An attacker exploiting this vulnerability could perform a server-side request forgery attack...