Sharp JH-RV11 Security Vulnerability
Sharp JH-RV11 is an energy management controller for cloud services from Sharp Japan. A security vulnerability exists in Sharp JH-RV11 Ver.B0.1.9.1 and earlier versions. An attacker could exploit this vulnerability to perform a server-side request forgery attack...
Appwrite Code Issue Vulnerability
Appwrite is an open source end-to-end backend server. It is used to package web, mobile, native or backend applications as a set of Docker microservices. A security vulnerability exists in Appwrite v1.4.13 and earlier versions, which stems from a discovery via the /v1/avatars/favicon...
CVE-2023-4554
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially...
PT-2024-16118 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.5.5. Description: A critical issue has been found in the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...
Rebuild Security Vulnerability
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild version 3.5.5 due to a server-side request forgery vulnerability in the url parameter of the readRawText function of the HTTP Request Handler component...
CVE-2024-0945
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...
CVE-2024-0946
A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Th...
LyLme Spage Code Issue Vulnerability
LyLme Spage (six zero navigation page) is an open source navigation page from LyLme (six zero) of China. It aims to be a simple, efficient, ad-free Internet navigation and search portal, with support for background links, custom search engines, collecting the most valuable links, no commercial...
PT-2024-15926 · Unknown · 60Indexpage
Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5. Description: A critical issue has been found in the Parameter Handler component of the affected software, specifically in the file /include/file.php. The manipulation of the url argument leads to server-side...
WordPress plugin Contact Form 7 Extension For Mailchimp Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
CVE-2023-52331
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
Trend Micro Apex Central Security Vulnerability
Trend Micro Apex Central is a web-based console from Trend Micro. Trend Micro Apex Central 2019 has a security vulnerability that stems from an authenticated server-side request forgery (SSRF) vulnerability. An attacker can exploit the vulnerability to interact directly with internal or local services...
Trend Micro Apex Central Security Vulnerability
Trend Micro Apex Central is a web-based console from Trend Micro. Trend Micro Apex Central 2019 has a security vulnerability that stems from an authenticated server-side request forgery (SSRF) vulnerability. It may allow an attacker to interact directly with internal or local services...
whoogle-search Code Issue Vulnerability
whoogle-search is a self-hosted, ad-free, privacy-respecting meta-search engine. A code issue vulnerability exists in whoogle-search versions prior to 0.8.4, which stems from the element method in app/routes.py that does not validate user-controlled srctype and elementurl...
Trend Micro Apex Central Security Vulnerability
Trend Micro Apex Central is a web-based console from Trend Micro, Inc. A security vulnerability exists in Trend Micro Apex Central that stems from an authenticated server-side request forgery (SSRF) vulnerability. It could allow an attacker to interact directly with internal or local services...
whoogle-search Code Issue Vulnerability
whoogle-search is a self-hosted, ad-free, privacy-respecting meta-search engine. A code issue vulnerability exists in whoogle-search versions prior to 0.8.4 that stems from a window endpoint that does not sanitize user-supplied input from the location variable and passes it t...
VulnCheck KEV: CVE-2020-5775
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...