7220 matches found
Caddy Security Breach
Caddy is an open source, cross-platform HTTP/Web server from Caddy Inc. Caddy suffers from a security vulnerability that stems from being susceptible to server-side request forgery SSRF attacks via the X-Forwarded-Host header...
PT-2024-18913 · Unknown · Caddy-Security
Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security versions all Description: The issue is related to Server-side Request Forgery SSRF via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or...
PT-2024-14075 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue concerns the CSV datasource plugin, a Grafana Labs maintained plugin for Grafana, which allows retrieving and processing CSV data from a remote endpoint configured by an...
PT-2024-7878 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 16.8 through 17.1.7; GitLab Enterprise Edition versions 17.2 through 17.2.5; GitLab Enterprise Edition versions 17.3 through 17.3.2. Description: The issue is related to insufficient server-side request...
CVE-2023-6294
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...
WordPress Plugin Popup Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2024-24806
...
AZL-34380 CVE-2023-42282 affecting package nodejs18 for versions less than 18.18.2-4
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
DEBIAN-CVE-2023-42282
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
PT-2024-2322
Name of the Vulnerable Software and Affected Versions: ip package versions prior to 1.1.9. Description: The issue is related to the improper categorization of certain IP addresses as globally routable via the isPublic function. This can lead to security issues such as Server-Side Request Forgery SSR...
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
libuv Code Issues Vulnerabilities
libuv is a cross-platform asynchronous I/O library for nodejs. It abstracts IOCP on Windows and libev on Unix. Currently supported features are non-blocking TCP sockets; non-blocking named pipes; UDP; timers; child process spawning; asynchronous DNS;...
WordPress Plugin WP RSS Aggregator Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-14948 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: Suite CRM version 7.14.2 Description: The application is vulnerable to Server-Side Request Forgery SSRF, allowing an attacker to make arbitrary HTTP requests through the vulnerable server. Recommendations: For Suite CRM version 7.14.2, update...
PT-2024-40369 · Unknown · Remark-Images-Download
Name of the Vulnerable Software and Affected Versions: remark-images-download versions prior to 3.1.0 Description: A major blind Server-Side Request Forgery SSRF issue was found in the remark-images-download module, allowing requests to be made to neighboring servers on local IP ranges due to loo...
CVE-2023-44313
Server-Side Request Forgery SSRF vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services
Overview: Energy Management Controller with Cloud Services provided by SHARP CORPORATION contains multiple vulnerabilities listed below. Improper authentication (CWE-287) - CVE-2024-23783; Improper access control (CWE-284) - CVE-2024-23784; Cross-site request forgery (CWE-352) - CVE-2024-23785; Stored...
Ivanti Connect Secure Code Issue Vulnerability
Ivanti Connect Secure is a secure remote network connectivity tool from Ivanti Corporation, USA. A code issue vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure 9.x, 22.x series versions, and Ivanti Neurons for ZTA, which stems from a server-side request forgery vulnerability in...
Label Studio Code Issue Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. It lets users label audio, text, images, video, time series and other data types through a simple, clear UI and export them to a variety of model formats. A code issue vulnerability exists in Label Studio versions prior ...
Server-Side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF via the process of fetching payment or payment provider information. An attacker can gain control over the destination URL of the HttpClient used in the API classes, leading to requests to unexpected...