CVE-2024-27565
A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests...
CVE-2024-27564
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading...
WonderCMS Security Breach
WonderCMS is an open source PHP-based content management system (CMS). A security vulnerability exists in WonderCMS v3.1.3, which stems from a Server-Side Request Forgery (SSRF) vulnerability in the getFileFromRepo function. An attacker can exploit this vulnerability by injecting a specially crafted URL...
ChatGPT Code Issue Vulnerability
ChatGPT is a visual interface site based on the OpenAI ChatGPT project API. A code issue vulnerability exists in ChatGPT version f9f4bbc, which stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An attacker could use this vulnerability to force an application to perform...
PT-2024-21949 · Unknown · Chatgpt-Wechat-Personal
Name of the Vulnerable Software and Affected Versions: ChatGPT-wechat-personal (affected versions not specified). Description: A Server-Side Request Forgery (SSRF) issue in weixin.php of ChatGPT-wechat-personal allows attackers to force the application to make arbitrary requests. This enables attacker...
Medium: libuv
Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...
IBM QRadar WinCollect Agent Resource Management Error Vulnerability
IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) for collecting and sending Windows event logs. A resource management error vulnerability exists in IBM QRadar WinCollect Agent that stems from vulnerability to server-side request forgery attacks. No detailed...
PYSEC-2024-278
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It ...
CVE-2024-27949
Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0...
Recipes Code Issue Vulnerability
Recipes is an application for managing recipes, planning meals, creating shopping lists, and more! A code issue vulnerability exists in Recipes version 1.5.10 that stems from allowing arbitrary HTTP requests to be made through the server and is vulnerable to server-side request forgery (SSRF) attac...
CVE-2024-1568
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
WordPress Plugin Seraphinite Accelerator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin SuperFaktura WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
AnythingLLM Code Issue Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a code issue vulnerability that stems from the presence of a server-side request forgery vulnerability. The vulnerability can be exploited to obtain AWS server data...
GHSA-CCGV-VJ62-XF9H Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation checks...
UBUNTU-CVE-2024-22243
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as . By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read o...
Discourse Code Issue Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in Discourse discourse-ai that stems from vulnerability to server-side request forgery (SSRF) attacks...
USN-6643-1 node-ip vulnerability
Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery (SSRF) attacks...
The vulnerabilities of the My Cloud OS, cloud storage services My Cloud Home and My Cloud Home Duo, as well as SanDisk iBI, are related to insufficiently checked incoming requests. This allows attackers to perform SSRF attacks.
The vulnerabilities of the My Cloud OS for network storage devices, as well as the My Cloud Home and My Cloud Home Duo cloud storage services, and the SanDisk iBeacon device, are related to insufficiently checked incoming requests. Exploiting these vulnerabilities can allow attackers to execute...