PT-2024-23382 · Brave · Brave Popup Builder
Name of the Vulnerable Software and Affected Versions: Brave Popup Builder versions 0.6.5 and earlier. Description: A Server-Side Request Forgery (SSRF) issue affects the Brave Popup Builder, allowing unauthorized access to internal resources. No information is provided about the estimated number of...
CVE-2023-45705
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options...
CVE-2024-29090
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4...
CVE-2023-39313
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1...
CVE-2023-36679
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6...
WordPress Plugin Spectra code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
HCL BigFix Platform code issue vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...
Sysaid Technologies SysAid code issue vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A code issue vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.14 b18, which stems from the presence of server-side request forgery (SSRF), which could allow exposing t...
WordPress Plugin Astra code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin Gutenberg Blocks by Kadence Blocks code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin AI Engine code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
WordPress Plugin CMP code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Plugin Avada code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
PT-2024-22030 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.14 b18. Description: The issue allows for Server-Side Request Forgery (SSRF), which may expose the local OS user's NTLMv2 hash. Recommendations: For versions prior to 23.2.14 b18, update to version 23.2.14 b18 or...
CVE-2024-28435
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload...
PT-2024-22435 · Twenty · Twenty
Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0. Description: The CRM platform is vulnerable to server-side request forgery (SSRF) via file upload. This issue allows an attacker to potentially access internal resources or make unauthorized requests. Recommendations: For...
Twenty security vulnerability
Twenty is an open source CRM platform from Twenty. A security vulnerability exists in Twenty version 0.3.0, which stems from susceptibility to server-side request forgery attacks via file uploads...
PYSEC-2024-257
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
CVE-2024-2828
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2024-2827
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploi...