VulnCheck KEV: CVE-2020-10770
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a server-side request forgery (SSRF) attack...
CVE-2023-32337
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288...
IBM Maximo Spatial Asset Management Security Vulnerability
IBM Maximo Spatial Asset Management is an asset management lifecycle and workflow process management system from International Business Machines (IBM). IBM Maximo Spatial Asset Management suffers from a server-side request forgery vulnerability that can be exploited by a remote attacker to submit a...
WordPress plugin Admin CSS MU code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
PT-2024-12320 · Ibm · Ibm Maximo Spatial Asset Management
Name of the Vulnerable Software and Affected Versions: IBM Maximo Spatial Asset Management version 8.10 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a...
PT-2024-19273 · Unknown · Whoogle Search
Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior Description: Whoogle Search is a self-hosted metasearch engine. The window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method, which sends a GET...
ZhiHuiYun Code Issue Vulnerability
ZhiHuiYun is a smart campus solution from ZhiHuiYun. ZhiHuiYun 4.4.13 and earlier versions have a code issue vulnerability that stems from a server-side request forgery (SSRF) vulnerability in the parameter url of the downloadnetworkimage function in /app/Http/Controllers/ImageController.php...
CVE-2024-0601
A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...
Austin security breach
Austin is a message push platform. A security vulnerability exists in Austin version 1.0, which stems from a Server Request Forgery (SSRF) vulnerability in the component Email Message Template Handler...
VulnCheck KEV: CVE-2024-21893
Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure, Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication...
WordPress Plugin JSM file_get_contents Shortcode Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...
CVE-2024-0510
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function httppost of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...
PT-2024-15626 · Unknown · Haokekeji Yiqiniu
Name of the Vulnerable Software and Affected Versions: HaoKeKeJi YiQiNiu versions up to 3.1 Description: A critical issue has been found in the software, affecting the function http post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side...
PT-2024-13739 · Unknown · Karlomikus Bar Assistant
Name of the Vulnerable Software and Affected Versions: karlomikus Bar Assistant versions prior to 3.2.0 Description: The issue is related to a Blind Server-Side Request Forgery (SSRF) vulnerability. It does not validate a parameter before making a request through Image::make, which could allow...
SUSE CVE-2023-51441
UNSUPPORTED WHEN ASSIGNED: Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...
CVE-2024-0308
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument purl leads to server-side request forgery. The attack may be initiated remotely. The exploit...
CVE-2024-0304
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely...
CVE-2024-0303
A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch t...
Youke365 Code Issues Vulnerabilities
Youke365 is a professional website navigation system from the Chinese company Youke365. A code issue vulnerability exists in Youke365 1.5.3 and earlier versions, which stems from a Server Request Forgery (SSRF) vulnerability in file /app/controller/collection.php...
PT-2024-15459 · Inis · Inis
Name of the Vulnerable Software and Affected Versions: Inis versions up to 2.0.1 Description: A critical issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p url leads to server-side request forgery. The attack may be initiated...