PT-2023-32496 · Esm · Esm
Name of the Vulnerable Software and Affected Versions: ESM versions prior to 11.6.8. Description: A server-side request forgery issue allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation...
Ray Security breach
Ray is a unified framework for scaling AI and Python applications, open-sourced by ray-project. A security vulnerability exists in Ray versions 2.6.3, 2.8.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...
CVE-2023-5974
The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the path parameter...
WordPress plugin WPB Show Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
The vulnerability of the library for working with SVG images in Apache Batik, related to insufficient validation of incoming requests, allows a hacker to perform an SSRF attack.
The vulnerability of the Apache Batik library for working with SVG images is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow attackers to execute an SSRF attack...
Nextcloud Code Issues Vulnerabilities
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail versions prior to 2.2.8 and prior to 3.3.0, which can be exploited by an attacker to perform a...
BookStack Code Issues Vulnerabilities
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A code issue vulnerability exists in BookStack version 23.10.2 that stems from allowing filtering of local text on the server, leaving the application vulnerable to SSRF...
SuiteCRM Security Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM suffers from a server-side request forgery vulnerability that stems from the product's failure to properly validate user input, which can be exploited by an attacker to probe server intranet resources...
VulnCheck KEV: CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
CVE-2023-41239
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...
CVE-2023-23800
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6...
VulnCheck KEV: CVE-2022-29153
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...
VulnCheck KEV: CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...
PT-2023-24632 · WordPress · The Poll Maker – Best Wordpress Poll Plugin
Name of the Vulnerable Software and Affected Versions: Poll Maker – Best WordPress Poll Plugin versions 4.6.2 and earlier. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially force the server to make unintended requests, leading to...
PT-2023-23240 · Unknown · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor versions 4.8.1 and earlier. Description: A Server-Side Request Forgery (SSRF) issue has been identified. This allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized access to...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that the embedding functionality is susceptible to server-side request forgery...
PT-2023-30325 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3; Discourse version 3.2.0.beta3 and earlier in the beta and tests-passed branches. Description: Discourse is an open source platform for community discussion. The embedding feature is susceptible to server side...
CVE-2023-39301
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS...
foodcoopshop Code Issues Vulnerabilities
foodcoopshop is open source software for food co-ops and stores. A code issue vulnerability exists in foodcoopshop versions prior to 3.6.1, which stems from vulnerability to server-side request forgery attacks...
PT-2023-25368 · Ibm · Ibm Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator version 3.0.13. Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a server-side...