WordPress plugin Starter Templates Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Progress Software WhatsUp Gold Code Issue Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A code issue vulnerability exists in Progress Software WhatsUp Gold versions prior to...
PT-2024-25519 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue in linqi allows for Server-Side Request Forgery (SSRF) via Document template generation. This can be achieved through remote images in process creation, file inclusion, and PDF document...
ZEIT Next.js Code Issue Vulnerability
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A code issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 14.1.1 that stems from the presence of a server-side request forgery (SSRF) vulnerability...
WordPress plugin ShortPixel Adaptive Images Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Lobe Chat Security Vulnerability
Lobe Chat is an open source, high performance chatbot framework. A security vulnerability exists in Lobe Chat versions prior to 0.150.6, which stems from an unauthorized server-side request forgery vulnerability that allows an attacker to construct a malicious request without logging in, resultin...
linqi Security Vulnerability
linqi is a process digitization program from linqi, Inc. A security vulnerability exists in linqi versions prior to 1.4.0.1 that stems from the presence of server-side request forgery...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition and Community Edition. A malicious party could exploit them to cause a denial-of-service, gain access to and manipulate system data, or launch a Server-Side Request Forgery (SSRF) exploit. Such an attack can lead to execution of...
WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin ShortPixel Adaptive Images versions <= 3.8.3...
PT-2024-32383 · Lobe Chat · Lobe Chat
Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.19.13 Description: The issue concerns a server-side request forgery protection bypass in Lobe Chat, an open-source artificial intelligence chat framework. This protection, implemented in src/app/api/proxy/route.t...
PT-2024-25011 · Lobe Chat · Lobe Chat
Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 0.150.6 Description: The issue is related to an unauthorized Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause SSRF without logging in,...
GHSA-FR5H-RQP8-MJ6G Next.js Server-Side Request Forgery in Server Actions
Impact: A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js...
WordPress Starter Templates plugin <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Lucio Sá in WordPress Plugin Starter Templates versions <= 4.1.6...
CVE-2024-33857
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery...
Logpoint Security Vulnerability
Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.4.0, which stems from a lack of input validation of URLs in threat intelligence, and allows an attacker with low-level access to the system to trigger...
apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
A Server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-34453
TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...
TwoNav Security Vulnerability
TwoNav is an open source and free bookmark navigation management program from tznb1 open source. A security vulnerability exists in TwoNav version 2.1.13, which stems from a server-side request forgery vulnerability in the url parameter...
WordPress ZD YouTube FLV Player plugin <= 1.2.6 - Server-Side Request Forgery vulnerability
Server-Side Request Forgery vulnerability discovered by Mike in WordPress Plugin ZD YouTube FLV Player versions <= 1.2.6...
WordPress Google Doc Embedder plugin <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery vulnerability
Authenticated (Contributor+) Blind Server Side Request Forgery vulnerability discovered by István Márton in WordPress Plugin Google Document Embedder versions <= 2.6.4...