7213 matches found
CVE-2022-26135
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0...
Dompdf Code Issue Vulnerability
Dompdf is an HTML to PDF converter. A code issue vulnerability exists in Dompdf versions prior to 2.0.0 that stems from server-side request forgery (SSRF)...
CVE-2022-32995
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function...
CVE-2022-2216
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2021-20544
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931...
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
OneBlog Code Issue Vulnerability
OneBlog is a Java blog. Version v2.3.4 of OneBlog contains a server-side request forgery vulnerability in which the source parameter entryUrls fails to properly validate user input and can be exploited to probe the server's intranet resources...
Directus Code Issue Vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery (SSRF) vulnerability in the media upload feature. An attacker could us...
Qlik Sense Code Issue Vulnerability
Qlik Sense is an application from Qlik USA that allows users to create visualizations, charts, interactive dashboards, and analytics applications for local and offline use. A code issue vulnerability exists in Qlik Sense April 2020 patch 4, which stems from a server-side request forgery...
CVE-2022-23071
In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...
Gitlab vulnerable to server-side request forgery
Overview: Gitlab contains a server-side request forgery vulnerability (CWE-918) through the Project Import feature. Kanta Nishitani of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to the developer and coordinated. After coordination was completed, this case was reported to IPA, and...
flatCore Code Issue Vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A security vulnerability exists in flatCore-CMS 2.0.8, which stems from an application call to a dangerous function that leads to a server-side request forgery vulnerability...
CVE-2022-23170
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity...
CVE-2022-28217
Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php...
CVE-2022-31386
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
CVE-2022-31390
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php...
CVE-2022-31830
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php...