7462 matches found

OSV
added 2021/09/27 6:15 a.m. · 3 views

CVE-2021-41385

The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...

6.5 CVSS · 5.8 AI score · 0.00675 EPSS
Exploits: 0 · References: 1

OSV
added 2021/09/24 3:15 p.m. · 3 views

CVE-2021-41586

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...

7.5 CVSS · 7.1 AI score · 0.00756 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2021/09/24 12:0 a.m. · 5 views

PT-2021-23350 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.1.3. Description: The issue allows an attacker with the ability to perform Server-Side Request Forgery (SSRF) attacks to potentially discover credentials for other resources. SSRF is a type of attack wher...

7.5 CVSS · 7.4 AI score · 0.00904 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/09/24 12:0 a.m. · 4 views

Gradle Code Issue Vulnerability

Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. A server-side request forgery vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could use this vulnerability to discover...

7.5 CVSS · 7.4 AI score · 0.00904 EPSS
Exploits: 0 · References: 2

OSV
added 2021/09/23 12:15 p.m. · 5 views

CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...

6.5 CVSS · 7.3 AI score · 0.00908 EPSS
Exploits: 0 · References: 1

Gitee
added 2021/09/23 10:37 a.m. · 4 views

Gopherus

This is an analysis of the provided repository, specifically focusing on the Gopherus tool. Classification: The Gopherus tool is a proof-of-concept exploit for various vulnerabilities, including SSRF (Server-Side Request Forgery) and RCE (Remote Code Execution). Primary Vulnerability: The primary...

6.8 AI score
Exploits: 0

CNNVD
added 2021/09/23 12:0 a.m. · 5 views

Discourse Code Issue Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. Discourse in versions 2.3.2 and 2.6 has a server-side request forgery vulnerability that can be exploited by attackers to upload images from remote websites when writing emails...

5.3 CVSS · 5.8 AI score · 0.01025 EPSS
Exploits: 1 · References: 3

OSV
added 2021/09/22 11:15 a.m. · 3 views

CVE-2021-39339

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl request. This affects versions up to, and including, 1.8.0...

5.3 CVSS · 6.1 AI score · 0.01333 EPSS
Exploits: 0 · References: 2

CNNVD
added 2021/09/22 12:0 a.m. · 3 views

WordPress Plugin Code Issue Vulnerability

WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...

5.8 CVSS · 5.9 AI score · 0.01333 EPSS
Exploits: 0 · References: 4

OSV
added 2021/09/21 1:15 p.m. · 4 views

CVE-2021-37419

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF...

7.5 CVSS · 5.8 AI score · 0.02372 EPSS
Exploits: 1 · References: 3

CNNVD
added 2021/09/21 12:0 a.m. · 3 views

Vmware VMware vCenter Server Code Issue Vulnerability

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to...

6.5 CVSS · 7.5 AI score · 0.00908 EPSS
Exploits: 0 · References: 9

CNNVD
added 2021/09/21 12:0 a.m. · 6 views

ADSelfService Plus Code Issue Vulnerability

Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...

7.5 CVSS · 7.4 AI score · 0.02372 EPSS
Exploits: 1 · References: 4

OSV
added 2021/09/20 8:45 p.m. · 1 views

GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports...

5.3 CVSS · 5.9 AI score · 0.00823 EPSS
Exploits: 1 · References: 3

CNNVD
added 2021/09/16 12:0 a.m. · 6 views

Apache HTTP Server Code Issue Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the mod_proxy module to properly validate user input and can be exploited to forward requests to ...

9 CVSS · 7.5 AI score · 0.99999 EPSS
Exploits: 5 · References: 64

OSV
added 2021/09/15 7:15 p.m. · 6 views

CVE-2021-33690

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9 CVSS · 7.2 AI score · 0.67699 EPSS
Exploits: 0 · References: 2

OSV
added 2021/09/15 1:15 p.m. · 3 views

CVE-2021-30137

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...

8.2 CVSS · 5.8 AI score · 0.00793 EPSS
Exploits: 1 · References: 1

BDU FSTEC
added 2021/09/15 12:0 a.m. · 25 views

The vulnerability of the import function implementation (/wp-admin/tools.php?page=rsvpmaker_export_screen) of the RSVPMaker plugin for WordPress content management system allows a hacker to perform an SSRF attack.

The vulnerability of the import function implementation (/wp-admin/tools.php?page=rsvpmaker_export_screen) of the RSVPMaker plugin for WordPress’s content management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perfo...

9.3 CVSS · 5.3 AI score · 0.01012 EPSS
Exploits: 2 · References: 6 · Affected Software: 1

Snyk
added 2021/09/13 10:54 a.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: ssrf-agent is a package to prevent SSRF in https requests. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar: // run a service on your localhost con...

7.5 CVSS · 6.8 AI score · 0.01564 EPSS
Exploits: 1 · References: 2

CNNVD
added 2021/09/07 12:0 a.m. · 5 views

EyouCms Code Issue Vulnerability

EyouCms is a free and open source enterprise content management system based on the TP5.0 framework and focused on the needs of enterprise website builders. EyouCMS version 1.5.4 is vulnerable to server-side request forgery. The vulnerability stems from the lack of validation of input data in...

9.8 CVSS · 5.7 AI score · 0.02358 EPSS
Exploits: 1 · References: 4

CNNVD
added 2021/09/07 12:0 a.m. · 4 views

Misskey Code Issue Vulnerability

Misskey is a micro-blogging platform, and a code issue vulnerability exists in Misskey due to a server-side request forgery vulnerability in the software's "upload from URL" and remote attachment handling. This could lead to the disclosure of non-public information on the intranet. No details of...

7.7 CVSS · 5.7 AI score · 0.01062 EPSS
Exploits: 0 · References: 5