7218 matches found
UBUNTU-CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...
CVE-2023-20061
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities...
PT-2023-20682 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0
Description: Directus is a real-time API and App dashboard for managing SQL database content. It is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server via a POST...
AJ-Report code issue vulnerability
AJ-Report is a completely open source BI platform. AJ-Report version 0.9.8.6 suffers from a server-side request forgery vulnerability that can be exploited by an attacker to perform a server-side request forgery attack...
Cisco Unified Intelligence Center code issue vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from the United States company Cisco. The platform provides the ability to present report-related business data and call center data. A code issue vulnerability exists in Cisco Unified Intelligence Center. An attacker cou...
Cisco Unified Intelligence Center security vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from the United States company Cisco. The platform provides the ability to present report-related business data and call center data. A security vulnerability exists in Cisco Unified Intelligence Center. An attacker could...
CXF: SSRF Vulnerability
An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
CVE-2023-20062
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities...
HPE Serviceguard code issue vulnerability
HPE Serviceguard is a high availability and disaster recovery clustering solution from HPE. A security vulnerability exists in HPE Serviceguard that stems from an unauthenticated server-side request forgery vulnerability...
PT-2023-4828 · Unknown · Request-Baskets
Name of the Vulnerable Software and Affected Versions: request-baskets versions up to v1.2.1
Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability via the component "/api/baskets/name". This allows attackers to access network resources and sensitive information by...
PT-2023-6603 · Appwrite · Appwrite
Name of the Vulnerable Software and Affected Versions: Appwrite versions up to v1.2.1
Description: The issue is related to insufficient validation of incoming requests in the /v1/avatars/favicon component of the Appwrite backend platform for developing mobile and web applications. This allows a...
PT-2023-16715 · Muyucms · Muyucms
Name of the Vulnerable Software and Affected Versions: MuYuCMS version 2.2
Description: A critical vulnerability has been found in MuYuCMS, affecting an unknown part of the file /admin.php/update/getFile.html. The manipulation of the url argument leads to server-side request forgery. It is possib...
UBUNTU-CVE-2022-48321
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
Checkmk code issue vulnerability
Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p11 and prior versions, which stems from the discovery of a server-side request forgery vulnerability contained in the proxy receiver...
SUSE CVE-2016-6621
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...
SUSE CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker...
SUSE CVE-2018-7055
GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter...
SUSE CVE-2018-17450
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading for example to disclosure of a GCP service token...
SUSE CVE-2018-17452
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validatelocalhost function in urlblocker.rb...
SUSE CVE-2018-1000008
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...