7221 matches found
PT-2024-24893 · Culqi · Culqi
Name of the Vulnerable Software and Affected Versions: Culqi versions 3.0.14 and earlier. Description: A Server-Side Request Forgery (SSRF) issue affects the software, allowing for potential unauthorized access to internal resources. Recommendations: For versions 3.0.14 and earlier, update to a...
PT-2024-24877 · Woocommerce · Superfaktura Woocommerce
Name of the Vulnerable Software and Affected Versions: SuperFaktura WooCommerce versions 1.40.3 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to trick the server into making requests to arbitrary domains, potentially leading to...
WordPress plugin Podlove Podcast Publisher code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability
WordPress buddyforms plugin <= 2.8.8 - Arbitrary File Read and SSRF vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin BuddyForms (versions <= 2.8.8)...
WordPress Culqi plugin <= 3.0.14 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin Culqi (versions <= 3.0.14)...
CVE-2024-27347
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue...
Apache HugeGraph code issue vulnerability
Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. Apache HugeGraph-Hubble suffers from a server-side request forgery vulnerability that can be exploited by an attacker to conduct SSRF attacks through the use of specially crafted parameters...
PT-2024-21838 · Apache · Apache Hugegraph-Hubble
Name of the Vulnerable Software and Affected Versions: Apache HugeGraph-Hubble versions 1.0.0 through 1.2.x. Description: A Server-Side Request Forgery (SSRF) issue affects the software, allowing unauthorized access to internal resources. Users are advised to upgrade to a fixed version to resolve th...
CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the...
PT-2024-22164 · Akana · Akana Api Platform +1
Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to and including 2022.1.3; Akana Community Manager Developer Portal versions prior to and including 2022.1.3. Description: A server-side request forgery (SSRF) issue was discovered. This issue allows an attacker ...
PT-2024-24118 · Mintplex +1 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin...
WordPress Plugin Really Simple SSL code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress Plugin...
PT-2024-23869 · Unknown · Really Simple Ssl
Name of the Vulnerable Software and Affected Versions: Really Simple SSL versions through 7.2.3. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to various malicious...
CVE-2024-22329
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951...
WordPress Plugin feedzy-rss-feeds security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty code issue vulnerability
IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Liberty are both products of International Business Machines (IBM). IBM WebSphere Application Server is an application server product. The product is a platform for...
PT-2024-6877
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5. Description: A server-side request forgery issue exists in the validateAMCWSConnection function of Ivanti Avalanche. This flaw allows a remote, unauthenticated attacker to disclose sensitive information ...
PT-2024-15089 · WordPress · The Rss Aggregator By Feedzy – Feed To Post
Name of the Vulnerable Software and Affected Versions: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.7. Description: The plugin is vulnerable to Blind Server-Side Request Forgery via the fetc...
Vulnerabilities fixed in IBM Websphere Application Server
Vulnerabilities have been fixed in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Server Side Request Forgery (SSRF). Access to sensitive data. IBM has releas...
GHSA-2WRP-6FG6-HMC5 Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...