
7213 matches found

ATTACKERKB
added 2022/05/17 1:15 p.m., 2 views

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5...

CVSS 7.5, AI score 5.8, EPSS 0.05372
Exploits: 1, References: 4
ATTACKERKB
added 2022/05/17 9:15 a.m., 2 views

CVE-2022-1723

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6...

CVSS 7.5, AI score 5.8, EPSS 0.0164
Exploits: 1, References: 3
CNNVD
added 2022/05/17 12:0 a.m., 3 views

JGraph draw.io Code Issue Vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.6, which stems from a server-side request forgery (SSRF) vulnerability in draw.io...

CVSS 7.5, AI score 7.3, EPSS 0.05372
Exploits: 1, References: 3
CNNVD
added 2022/05/17 12:0 a.m., 3 views

JGraph draw.io Code Issue Vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.0.6, which stems from a server-side request forgery (SSRF) vulnerability in draw.io...

CVSS 7.5, AI score 7.3, EPSS 0.0164
Exploits: 1, References: 3
CNNVD
added 2022/05/17 12:0 a.m., 5 views

Hewlett Packard Enterprise OneView Code Issue Vulnerability

Hewlett Packard Enterprise OneView is a software from Hewlett Packard Enterprise USA that facilitates automated device management for IT departments. A security vulnerability exists in Hewlett Packard Enterprise OneView prior to version 7.0 that stems from a request forgery vulnerability on the...

CVSS 9.8, AI score 8.4, EPSS 0.01292
Exploits: 0, References: 2
ATTACKERKB
added 2022/05/16 9:15 p.m., 4 views

CVE-2022-23668

A remote authenticated server-side request forgery (SSRF) vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

CVSS 4.9, AI score 5.8, EPSS 0.00895
Exploits: 0, References: 2
OSV
added 2022/05/16 9:15 p.m., 2 views

CVE-2022-23668

A remote authenticated server-side request forgery (SSRF) vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

CVSS 4.9, AI score 5.8, EPSS 0.00895
Exploits: 0, References: 1
CNNVD
added 2022/05/16 12:0 a.m., 2 views

Aruba ClearPass Policy Manager Code Issue Vulnerability

Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager is vulnerable to server-side request forgery, which can be exploited by remote, unauthenticated attackers to conduct server-side request...

CVSS 4.9, AI score 5.4, EPSS 0.00895
Exploits: 0, References: 2
CNNVD
added 2022/05/16 12:0 a.m., 2 views

JGraph draw.io Code Issue Vulnerability

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.5 that stems from a server-side request forgery vulnerability in IPv6 link-local addresses...

CVSS 7.5, AI score 6.4, EPSS 0.00514
Exploits: 1, References: 3
ATTACKERKB
added 2022/05/15 5:15 p.m., 3 views

CVE-2022-30049

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

CVSS 7.5, AI score 5.9, EPSS 0.00967
Exploits: 1, References: 2
ATTACKERKB
added 2022/05/14 10:15 a.m., 2 views

CVE-2022-1379

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...

CVSS 9.1, AI score 7.1, EPSS 0.01514
Exploits: 1, References: 7
Snyk
added 2022/05/14 3:14 a.m., 3 views

Server-side Request Forgery (SSRF)

Overview: phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the setup script. An attacker can manipulate the server to make unauthorized requests by leveraging a race condition between editin...

CVSS 8.6, AI score 6.9, EPSS 0.01943
Exploits: 0, References: 2
OSV
added 2022/05/14 3:13 a.m., 2 views

GHSA-53WF-VQF9-CGF2 Server-Side Request Forgery in Jenkins Git Plugin

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a...

CVSS 6.4, AI score 5.9, EPSS 0.00809
Exploits: 0, References: 4
CNNVD
added 2022/05/14 12:0 a.m., 6 views

PlantUML Code Issue Vulnerability

PlantUML is a component that allows rapid authoring of diagrams from textual descriptions. A security vulnerability exists in PlantUML versions prior to 1.2022.5, which can be exploited by an attacker to bypass URL restrictions and enable server-side request forgery (SSRF)...

CVSS 9.1, AI score 7.3, EPSS 0.01514
Exploits: 1, References: 6
OSV
added 2022/05/13 1:15 p.m., 4 views

CVE-2020-22983

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier that allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task...

CVSS 8.1, AI score 5.8, EPSS 0.02309
Exploits: 0, References: 5
OSV
added 2022/05/13 1:1 a.m., 0 views

GHSA-6MV9-HCX5-7MHH Server-Side Request Forgery in Jenkins

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response...

CVSS 5.3, AI score 6.7, EPSS 0.01664
Exploits: 0, References: 5
CNNVD
added 2022/05/13 12:0 a.m., 23 views

MicroStrategy Web SDK Code Issue Vulnerability

The MicroStrategy Web SDK is a JavaScript library from MicroStrategy, Inc. Interact with different CARTO APIs to build custom applications on top of deck.gl that utilize vector rendering. A security vulnerability exists in MicroStrategy Web SDK version 11.1 and prior versions, which stems from a...

CVSS 8.1, AI score 7.7, EPSS 0.02309
Exploits: 0, References: 6
OSV
added 2022/05/11 11:3 a.m., 3 views

OESA-2022-1649 xmlgraphics-commons security update

Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...

CVSS 8.2, AI score 9.1, EPSS 0.0665
Exploits: 0, References: 2
RedHat Linux
added 2022/05/10 2:20 p.m., 4 views

php: SSRF bypass in FILTER_VALIDATE_URL

A flaw was found in php. Currently, php's FILTER_VALIDATE_URL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request...

CVSS 5.3, AI score 7.3, EPSS 0.01999
Exploits: 1, References: 5
ATTACKERKB
added 2022/05/05 11:15 a.m., 2 views

CVE-2022-1592

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

CVSS 9.4, AI score 7.4, EPSS 0.01071
Exploits: 1, References: 3