359 matches found
CVE-2022-47872
A Server-Side Request Forgery SSRF in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module...
CVE-2022-40357
A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...
CVE-2021-20647
Cross-site request forgery CSRF vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, allows attackers to manipulate the server into making arbitrary requests to internal or external resources...
CVE-2025-24372
CKAN is an open-source DMS data management system for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...
CVE-2022-3060
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...
CVE-2020-13569
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker ca...
UBUNTU-CVE-2023-6605
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...
CVE-2023-6605 Ffmpeg: dash playlist ssrf vulnerability in ffmpeg
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...
USN-7157-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. CVE-2024-11233 It was discovered that PHP incorrectly handled certain HTTP request...
SUSE CVE-2024-6538
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
Ruijie Networks ReyeeOS 安全漏洞
Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including 2.320.x. An attacker can exploit this vulnerability to force Ruijie's proxy server to execute any request of the attacker's choosing...
OpenShift Console Server Side Request Forgery vulnerability
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-6538
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-6538 Openshift-console: openshift console: server-side request forgery
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-6538 Openshift-console: openshift console: server-side request forgery
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
ROS-20241112-04
Vulnerability of http requests of CurlAsyncHTTPClient component of Tornado asynchronous network library is related to improper neutralization of CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to inject arbitrary headers into a request or cause an...
CVE-2023-29119
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...