Lucene search
+L

359 matches found

redhatcve
redhatcve
added 2025/05/23 12:59 a.m.14 views

CVE-2022-47872

A Server-Side Request Forgery SSRF in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module...

8.8CVSS7AI score0.00873EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 11:27 p.m.4 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.8CVSS9.1AI score0.01208EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:58 p.m.4 views

CVE-2021-20647

Cross-site request forgery CSRF vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...

6.5CVSS7.4AI score0.00497EPSS
Exploits0References1
redhat
redhat
added 2025/05/13 2:0 p.m.6 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
redhat
redhat
added 2025/04/28 3:19 p.m.208 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
veracode
veracode
added 2025/04/11 3:25 a.m.4 views

Server Side Request Forgery (SSRF)

shopxo/shopxo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, allows attackers to manipulate the server into making arbitrary requests to internal or external resources...

6.3CVSS7.1AI score0.00265EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2025/02/07 6:18 p.m.7 views

CVE-2025-24372

CKAN is an open-source DMS data management system for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...

7.3CVSS7.7AI score0.00442EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 12:55 a.m.5 views

CVE-2022-3060

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...

7.3CVSS6.4AI score0.00895EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 1:43 p.m.13 views

CVE-2020-13569

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker ca...

8.8CVSS6.9AI score0.03029EPSS
Exploits1
osv
osv
added 2025/01/06 5:15 p.m.8 views

UBUNTU-CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

7.2CVSS6.7AI score0.00274EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/01/06 4:42 p.m.8 views

CVE-2023-6605 Ffmpeg: dash playlist ssrf vulnerability in ffmpeg

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

7.2CVSS6.8AI score0.00274EPSS
Exploits0References1
ubuntu
ubuntu
added 2024/12/13 4:59 p.m.256 views

USN-7157-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. CVE-2024-11233 It was discovered that PHP incorrectly handled certain HTTP request...

9.8CVSS7.5AI score0.02286EPSS
Exploits4
susecve
susecve
added 2024/12/12 7:17 a.m.3 views

SUSE CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.5AI score0.00569EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/12/06 12:0 a.m.9 views

Ruijie Networks ReyeeOS 安全漏洞

Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including 2.320.x. An attacker can exploit this vulnerability to force Ruijie's proxy server to execute any request of the attacker's choosing...

9.8CVSS9.5AI score0.00605EPSS
Exploits0References1
github
github
added 2024/11/25 9:30 a.m.21 views

OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.5AI score0.00569EPSS
Exploits0References9Affected Software1
prion
prion
added 2024/11/25 7:15 a.m.8 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS0.00569EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/25 6:15 a.m.24 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS0.00569EPSS
Exploits0References7
osv
osv
added 2024/11/25 6:15 a.m.2 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.2AI score0.00569EPSS
Exploits0References11
redos
redos
added 2024/11/13 12:0 a.m.23 views

ROS-20241112-04

Vulnerability of http requests of CurlAsyncHTTPClient component of Tornado asynchronous network library is related to improper neutralization of CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to inject arbitrary headers into a request or cause an...

7.2AI score
Exploits0
nvd
nvd
added 2024/11/05 4:15 p.m.23 views

CVE-2023-29119

Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...

9.6CVSS0.00326EPSS
Exploits0References1
Rows per page
Query Builder