CVE-2023-48379
Softnext Mail SQR Expert is an email management platform with inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on URL error response...
Softnext Technologies Mail SQR Expert Code Issue Vulnerability
Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies, China. A code issue vulnerability exists in Softnext Technologies Mail SQR Expert prior to v230330, which arises from insufficient filtering of specific URL parameters in...
PT-2023-27551 · Joomla · Jcdashboards
Name of the Vulnerable Software and Affected Versions: JCDashboards component for Joomla (affected versions not specified). Description: The issue concerns an unauthenticated Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF) in the JCDashboards component for Joomla. LFI allows an attacke...
A vulnerability in Sentry-Javascript, a software development kit for web applications, arises from insufficient validation of incoming requests. This allows an attacker to perform an SSRF attack.
The vulnerability in the Sentry-Javascript software development kit for web applications is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
VulnCheck KEV: CVE-2021-22214
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited...
A vulnerability in the /ipms/imageConvert/image file of the Dahua Smart Parking Management system allows an attacker to carry out an SSRF attack.
The vulnerability in the /ipms/imageConvert/image component of the Dahua Smart Parking Management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
PYSEC-2023-277
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...
VulnCheck KEV: CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...
PT-2023-31353 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.11.4.1 Description: MindsDB connects artificial intelligence models to real-time data. The issue is related to a server-side request forgery vulnerability in the file.py module. This can lead to limited informatio...
CVE-2023-46641
Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.24...
CVE-2023-49746
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...
CVE-2022-45362
Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0...
WordPress Plugin Paytm Payment Gateway Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2023-30133 · Unknown · 12 Step Meeting List
Name of the Vulnerable Software and Affected Versions: 12 Step Meeting List versions 3.14.24 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to unauthorized access to intern...
CVE-2023-48910
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
VulnCheck KEV: CVE-2023-27159
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
DEBIAN-CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
UBUNTU-CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-6070
A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...