PT-2024-22378 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin versions up to 20240315 Description: A critical issue was found in the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to...
Easyadmin Code Issue Vulnerability
Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...
PT-2024-22372 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A critical issue has been found in lakernote EasyAdmin, affecting some unknown processing of the file "/ureport/designer/saveReportFile". The manipulation leads to server-side request forgery. T...
Likeshop Security Vulnerability
Likeshop is a complete solution for social commerce strategies from Likeshop Open Source. A security vulnerability exists in Likeshop versions prior to 2.5.7 that stems from the presence of a server-side request forgery SSRF vulnerability that allows an attacker to view sensitive information via...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...
GLPI Security Vulnerabilities
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
PT-2024-21648 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: GLPI is a Free Asset and IT Management Software package that includes features such as data center management, ITIL Service Desk, licenses tracking, and software auditing. An authenticated user can...
GHSA-HGJH-9RJ2-G67J Spring Framework URL Parsing with Host Validation Vulnerability
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
UBUNTU-CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
GHSA-QMGX-J96G-4428 SSRF vulnerability using the Aegis DataBinding in Apache CXF
An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type. Users of other data bindings, including the default data binding, are not impacted...
PaperCut NG Security Vulnerability
PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from the presence of a server-side request forgery SSRF vulnerability that allows an attacker to trick a server-side application into making HTT...
PT-2024-18391 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: This is a Server-Side Request Forgery SSRF vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests ...
CVE-2024-2049
Server-Side Request Forgery SSRF in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP...
PT-2024-2325 · Citrix · Citrix Sd-Wan Standard/Premium Editions
Name of the Vulnerable Software and Affected Versions: Citrix SD-WAN Standard/Premium Editions versions 11.4.0 through 11.4.4.46 Description: The issue is related to Server-Side Request Forgery SSRF and is caused by insufficient validation of requests on the server side. This allows an attacker t...
PT-2024-22332 · Drawio +1 · Drawio +1
Name of the Vulnerable Software and Affected Versions: OpenOlat versions prior to 18.1.6 OpenOlat versions prior to 18.2.2 Description: OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using...
CVE-2024-28215
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
PT-2024-21999 · Hcengineering · Hcengineering Huly Platform
Name of the Vulnerable Software and Affected Versions: hcengineering Huly Platform version 0.6.202 Description: The issue allows attackers to run arbitrary code via the upload of a crafted SVG file, exploiting a Server Side Request Forgery SSRF vulnerability. Recommendations: For version 0.6.202,...
PT-2024-22342 · Ngrinder · Ngrinder
Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is caused by a lack of access control, allowing an attacker to obtain the results of webhook requests. This could lead to information disclosure and limited Server-Side Request Forgery...
PT-2024-22341 · Ngrinder · Ngrinder
Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is related to a lack of access control, allowing an attacker to create or update webhook configuration. This could lead to information disclosure and limited Server-Side Request Forgery...
nGrinder Security Vulnerabilities
nGrinder is a stress testing platform that enables you to perform script creation, test execution, monitoring and results report generator simultaneously. A security vulnerability exists in nGrinder versions prior to 3.5.9 that stems from a lack of access control and allows an attacker to obtain...