TIBCO Software Spotfire Analytics Platform for AWS Marketplace Code Issue Vulnerability
TIBCO Software Spotfire Analytics Platform for AWS Marketplace is a suite of data visualization and analytics platforms for the cloud application store AWS from TIBCO Software, USA. A security vulnerability exists in TIBCO Software Spotfire Analytics Platform for AWS Marketplace version 12.0.0 an...
CVE-2022-2912
The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF)...
CVE-2022-2900
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url Code Issue Vulnerability
parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url versions prior to 8.1.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...
CVE-2022-38342
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks...
CVE-2022-38292
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php...
Appsmith Code Issue Vulnerability
Appsmith is an open source platform for building, deploying and maintaining on-premise applications from Appsmith Open Source. A security vulnerability exists in Appsmith version v1.7.11 that stems from a vulnerability that allows an attacker to perform authenticated server-side request forgery...
Slims9 Bulian Code Issue Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management (e.g. books, journals, digital files and other library materials) and administration. A security vulnerability exists in Slims9 Bulian version v9.4.2, which originates fr...
CVE-2022-36376
Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin = 1.0.95 at WordPress...
PT-2022-23336 · WordPress · Rank Math Seo
Name of the Vulnerable Software and Affected Versions: Rank Math SEO plugin versions = 1.0.95. Description: A Server-Side Request Forgery (SSRF) issue affects the Rank Math SEO plugin at WordPress, allowing for potential exploitation. SSRF is a type of attack where an attacker can trick a server int...
CVE-2022-2633
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the /public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensiti...
Gluu Code Issue Vulnerability
Gluu is a cloud-hosted identity platform from the US-based Gluu organization. A security vulnerability exists in Gluu Oxauth versions prior to v4.4.1, which can be exploited by an attacker to perform a server-side request forgery (SSRF) attack via a crafted requesturi parameter...
WordPress plugin All-in-One Video Gallery Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Databasir Code Issue Vulnerability
Databasir is a team-oriented document management platform for relational database models. A code issue vulnerability exists in Databasir versions prior to 1.0.7 that stems from a server-side request forgery (SSRF) vulnerability by providing a jdbcDriverFileUrl that returns a non-200 response code,...
PublicCMS Code Issue Vulnerability
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS, China. A server-side request forgery vulnerability exists in PublicCMS 4.0.202011.b and earlier versions. The vulnerability stems from the file parameter not restricting which IP addresses and domain names can be accessed. An...
PT-2022-20605 · Databasir · Databasir
Name of the Vulnerable Software and Affected Versions: Databasir versions 1.06 and earlier. Description: The issue allows attackers to perform Server-Side Request Forgery (SSRF) by sending a single HTTP POST request to create a databaseType. This is achieved by supplying a jdbcDriverFileUrl that...
DEBIAN-CVE-2022-35949
undici is an HTTP/1.1 client, written from scratch for Node.js. undici is vulnerable to SSRF (Server-side Request Forgery) when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...
undici Code Issue Vulnerability
undici is an HTTP/1.1 client. A code issue vulnerability exists in undici. An attacker could exploit this vulnerability to perform a server-side request forgery attack...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...