GHSA-MPP5-2X55-49XW XSS in svg2png (NPM package)
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to: brute force, XSS (cross-site scripting), CSRF (cross-site request...
Apache Kylin Code Issue Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface and multidimensional OLAP analysis on top of Hadoop/Spark, among other functions. Apache Kylin has a server-side request forgery vulnerability, which ste...
CVE-2022-0086
uppy is vulnerable to Server-Side Request Forgery (SSRF)...
Uppy Code Issue Vulnerability
Uppy is an open source file uploader for web browsers from Transloadit Open Source. A code issue vulnerability exists in uppy that allows an attacker to conduct server-side request forgery (SSRF) attacks...
OESA-2021-1473 httpd security update
Apache HTTP Server. Security Fixes: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket...
Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
...
GoCD Code Issue Vulnerability
GoCD is a continuous delivery server. GoCD has a server-side request forgery vulnerability in version 21.3.0, which stems from the product's failure to properly validate user input and could be exploited to probe the server's intranet resources...
AZL-7043 CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery)...
Apache HTTP Server Code Issue Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. A code issue vulnerability exists in Apache HTTP Server that stems from a null pointer dereference error in the product. The...
VMware Workspace One Code Issue Vulnerability
VMware Workspace One is a platform from VMware, USA, that supports cross-device applications for the rapid delivery and management of applications. The platform, which includes VMware Horizon and VMware Horizon Cloud, integrates access control, application management, and multi-platform endpoi...
PT-2021-6848
Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE UEM versions 20.0.8 through 20.0.8.37; VMware Workspace ONE UEM versions 20.11.0 through 20.11.0.40; VMware Workspace ONE UEM versions 21.2.0 through 21.2.0.27; VMware Workspace ONE UEM versions 21.5.0 through 21.5.0.37...
batik: SSRF due to improper input validation by the NodePickerPanel
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on...
XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
Zoom Client Code Issue Vulnerability
Zoom Client is a multi-platform video conferencing client application from Zoom, Inc. A server-side request forgery vulnerability exists in Zoom Client for Meetings prior to version 5.7.3, which stems from the product's failure to properly validate user input and could be exploited by attackers t...
CVE-2021-39057
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616...
CVE-2021-37940
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search GitHub Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...
Enterprise Search 7.16.0 Security Update
Enterprise Search Information Disclosure issue (ESA-2021-28). An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search GitHub Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the...