CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the...
maccms10 Code Issue Vulnerability
maccms10 is an open source rapid site-building system from magicblack that runs on a PHP+MySQL stack. A code issue vulnerability exists in maccms10 version 2021.1000.2000; it stems from the software allowing attackers to perform server-side request forgery...
dotCMS Code Issue Vulnerability
dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build on. A security vulnerability exists in dotCMS versions 5.x-22.06, which stems from TempFileAPI allowing a user to create a tempora...
PT-2023-15504 · Maccms10 · Maccms10
Name of the Vulnerable Software and Affected Versions: maccms10 version 2021.1000.2000 Description: A Server-Side Request Forgery (SSRF) issue allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address...
CXF: SSRF Vulnerability
An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type...
Paranoidhttp Code Issue Vulnerability
Paranoidhttp is an application from the individual developer hakobe that provides a pre-configured http.Client. A security vulnerability exists in Paranoidhttp versions prior to 0.3.0. An attacker could exploit the vulnerability to perform a server-side request forgery attack...
SafeURL for Python Code Issue Vulnerability
SafeURL for Python is an open source library from Include Security that helps developers prevent a class of vulnerabilities called server-side request forgery. SafeURL for Python prior to version 1.2 has a security vulnerability that stems from an insufficient restriction of regular expressions in...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab EE versions prior to 15.4.6, 15.5 pri...
taoCMS Code Issue Vulnerability
taocms is a Chinese lightweight CMS (Content Management System). A security vulnerability exists in taocms version v3.0.2, which stems from the website's back-end (admin area) allowing attackers to perform server-side request forgery...
Vulnerabilities fixed in Lexmark Printers and Multifunctionals
Lexmark has fixed two vulnerabilities in the firmware of several printer and multifunction device lines. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable device, or to execute arbitrary code. The mitigation against brute-force log...
CVE-2023-23560
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation...
A vulnerability in the firmware of the Cisco TelePresence Collaboration Endpoint (CE) device and the Cisco RoomOS operating system, related to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.
A vulnerability in the firmware of the Cisco TelePresence Collaboration Endpoint conference call control device and the Cisco RoomOS operating system is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker to perform an SSRF atta...
kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...
CVE-2022-3841
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint of Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an...
RSSHub Code Issue Vulnerability
RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. RSSHub suffers from a code issue vulnerability that stems from susceptibility to a server-side request forgery (SSRF) attack, which allows an attacker to send...
CVE-2022-25026
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
Rocket Software TRUfusion Code Issue Vulnerability
Rocket Software TRUfusion is a simple, cost-effective solution from Rocket Software USA, Inc. It is used to ensure the secure exchange of CAD files and design data in PLM systems. A security vulnerability exists in Rocket Software TRUfusion Portal version v7.9.2.1, which originates from server-si...
Cisco TelePresence Collaboration Endpoint Software Code Issue Vulnerability
Cisco TelePresence Collaboration Endpoint Software is a suite of collaboration endpoint software from Cisco. A code issue vulnerability exists in Cisco TelePresence Collaboration Endpoint (CE) and RoomOS, which arises from incorrect validation of user-supplied input and can be exploited by an attacker...
PT-2023-12775 · Rocket · Rocket Trufusion Portal
Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: A Server-Side Request Forgery (SSRF) issue allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
PT-2023-1107 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS, affected versions not specified Description: The issue is related to insufficient validation of incoming requests, which could allow an attacker to conduct a Server-Side Request...