45 matches found
CVE-2026-0560
Summary of the vulnerability (CVE-2026-0560): In parisneo/lollms
CVE-2026-32110
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...
CVE-2025-56589
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK through 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...
CVE-2019-18394
A Server-Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...
CVE-2022-27873
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...
EUVD-2023-58828
Malicious code in bioql PyPI...
EUVD-2023-2851
Malicious code in bioql PyPI...
EUVD-2023-58628
Malicious code in bioql PyPI...
EUVD-2024-44173
Malicious code in bioql PyPI...
EUVD-2024-16199
Malicious code in bioql PyPI...
EUVD-2022-32361
Malicious code in bioql PyPI...
Server-side Request Forgery (SSRF)
Overview: johnbillion/wp-crontrol is a package that allows you to take control of the cron events on your WordPress website. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the wp_remote_request function. An attacker can send arbitrary HTTP requests from the...
CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...
CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...
HTTP Request Smuggling (HRS)
webrick is vulnerable to HTTP Request Smuggling. The vulnerability is due to inconsistent parsing of HTTP header terminators in the readheaders method, which allows attackers to smuggle arbitrary HTTP requests when deployed behind certain HTTP proxies...
CVE-2024-45206
A vulnerability has been identified in Veeam Service Provider Console that allows performing arbitrary HTTP requests to arbitrary hosts on the network and obtaining information about internal resources...
CVE-2022-2428
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests...
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
CVE-2020-5562
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via the V-CUBE Meeting function...