7216 matches found
GitLab CE/EE code issue vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE, which stems from its Web...
CVE-2022-41412
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks...
PT-2022-25849 · Perfsonar · Perfsonar
Name of the Vulnerable Software and Affected Versions: perfSONAR versions 4.4.5 and prior Description: An issue in the graphData.cgi component allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. Recommendations: For versions 4.4.5 and prior, consider...
UBUNTU-CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...
PT-2022-25573 · Ndk Design · Ndkadvancedcustomizationfields
Name of the Vulnerable Software and Affected Versions: ndk design NdkAdvancedCustomizationFields version 3.5.0 Description: The issue is related to Server-Side Request Forgery (SSRF) via the rotateimg.php file. This allows for potential unauthorized access to internal resources. Recommendations: Fo...
Appsmith code issue vulnerability
Appsmith is an open source platform for building, deploying and maintaining in-house applications from Appsmith Open Source. A server-side request forgery vulnerability exists in Appsmith versions prior to 1.8.2, which can be exploited by an attacker to perform authenticated server-side request...
WordPress plugin Better Messages code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Siemens syngo Dynamics code issue vulnerability
Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, Germany. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics is vulnerable to server-side request forgery, which can be exploited by attackers to cause NTLM ...
XXL-JOB code issue vulnerability
XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xueli XXL-JOB community. A security vulnerability exists in versions prior to XXL-JOB v2.3.1, which stems from a vulnerability found via the component /admin/controller/JobLogController.java containing...
kkFileView code issue vulnerability
Keking kkFileView is an online file and document preview project built with Spring Boot by the Chinese company Keking Technology. A security vulnerability exists in kkFileView v4.1.0, which stems from the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile containing server-side...
PT-2022-26771 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery (SSRF) in the...
PT-2022-26648 · Siemens · Syngo Dynamics
Name of the Vulnerable Software and Affected Versions: syngo Dynamics versions prior to VA40G HF01 Description: A Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application. This could allow for the leaking of NTLM credential...
PT-2022-24997 · Sophos · Sophos Mobile
Name of the Vulnerable Software and Affected Versions: Sophos Mobile versions 5.0.0 through 9.7.4 Description: An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises. This issue may lead to significant...
KubeVela code issue vulnerability
KubeVela is a modern application delivery platform open-sourced by KubeVela. A code issue vulnerability exists in KubeVela. An attacker can exploit this vulnerability to perform a server-side request forgery attack...
Jenkins Plugin CCCC code issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerability...
Jenkins Plugin OSF Builder Suite :: XML Linter code issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin A code issu...
The vulnerability in the web interface of the Cisco BroadWorks CommPilot Application Software allows an attacker to perform an SSRF attack.
The vulnerability of the Cisco BroadWorks CommPilot Application Software’s web interface is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially crafted HTTP request...
OpenSearch Project code issue vulnerability
OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite from OpenSearch Project that makes it easy to access, search, visualize and analyze data. A code issue vulnerability exists in OpenSearch Project Notifications, which stems from the fact that...
WordPress plugin All in One SEO Pro code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A server-side request forge...
CVE-2022-20951
A vulnerability in the web-based management interface of the Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An...