WordPress TablePress plugin <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind vulnerability
Authenticated Author+ Server-Side Request Forgery via DNS Rebind vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin TablePress versions = 2.3.1...
WordPress plugin TablePress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery SSRF vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings including the default databinding are not impacted...
springframework: URL Parsing with Host Validation
A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL i...
CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
PrivateGPT Security Vulnerabilities
PrivateGPT is an AI project. A security vulnerability exists in PrivateGPT version 0.5.0 that stems from susceptibility to a server-side request forgery SSRF attack that allows an attacker to send crafted requests that result in unauthorized access and potentially sensitive information...
Gradio Code Issue Vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. A code issue vulnerability exists in Gradio version 4.21.0, which stems from a server-side request forgery vulnerability due to insufficient validation of values retrieve...
LoLLMs Code Issue Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a code issue vulnerability that stems from not adequately validating user-entered URLs and a server-side request forgery SSRF vulnerability that could allow an attacker to...
Quivr Code Issue Vulnerability
Quivr is an artificial intelligence application open-sourced by Quivr. A code issue vulnerability exists in Quivr that stems from a server-side request forgery vulnerability in the crawlendpoint function...
PT-2024-24130 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0 Description: The issue is due to improper input validation in several endpoints, allowing an attacker to escalate privileges from a default user role to an admin role, read and delete arbitra...
CVE-2024-4084
A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
EAP: wildfly-elytron has a SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...
CVE-2024-35635
Server-Side Request Forgery SSRF vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.9...
GHSA-2P57-RM9W-GVFP ip SSRF improper categorization in isPublic
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...
WordPress WP STAGING plugin < 3.5.0 - Admin+ SSRF vulnerability
Admin+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP STAGING – Backup Duplicator & Migration versions 3.5.0...
WordPress plugin Auto Featured Image security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the Apache ServiceComb service for detecting and managing microservices is related to insufficient validation of requests on the server side. This allows a malicious actor to execute an SSRF attack.
The vulnerability of the Apache ServiceComb service for detection and management of microservices is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...