DEBIAN-CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...
Open WebUI security vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI versions prior to 0.1.117, which stems from vulnerability to authenticated blind server-side request forgery attacks...
PT-2024-10052 · Ibm · Ibm Websphere Application Server +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0 IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.5 Description: The issue is related to incorrect restriction of XML links to external objects, which can be exploited...
Spring Framework security vulnerability
Spring Framework is a set of open source Java, JavaEE application frameworks from the U.S. Spring team. The framework helps developers build high-quality applications. Spring Framework has a security vulnerability that stems from vulnerability to open redirection attacks or server-side request...
CVE-2024-32430
Server-Side Request Forgery SSRF vulnerability in ActiveCampaign. This issue affects ActiveCampaign: from n/a through 8.1.14...
Gradio input validation error vulnerability
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from an input validation error vulnerability that stems from the presence of a server-side request forgery vulnerability that allows an attacker to scan an...
WordPress Plugin Wappointment code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin ActiveCampaign code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-19342 · Ibm · Ibm Websphere Application Server +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0 IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3 Description: The issue is related to server-side request forgery SSRF. By sending a specially crafted request, an...
WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Wappointment versions <= 2.6.0...
WordPress Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin <= 3.1.26 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery SSRF vulnerability discovered by Lucio Sá in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.1.26...
PT-2024-2941 · Unknown +2 · Spring Framework +4
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.34 Spring Framework versions prior to 6.0.19 Spring Framework versions prior to 6.1.6 Description: The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component...
a-blog cms security vulnerability
a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms that stems from vulnerability to server-side request forgery attacks...
PT-2024-21916 · Leantime · Leantime
Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: A Cross-Site Scripting issue exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets. This stored XSS issue c...
PT-2024-25931 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: The issue allows users with low privileges to perform certain AJAX actions, leading to improper access to...
CVE-2024-2343
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-2223
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...
GHSA-V4MM-Q8FV-R2W5 WildFly Elytron: SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...
CVE-2024-1233
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...
CVE-2024-27898
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request...