2 matches found
EXNESS: SSRF in graphQL query (pwapi.ex2b.com)
An SSRF vulnerability was discovered in the GraphQL query for allTicks on the pwapi.ex2b.com website. This vulnerability allowed an attacker to set the source parameter to perform arbitrary GET requests, potentially compromising internal services exposed to internal network requests...
Nord Security: Blind SSRF on debug.nordvpn.com due to misconfigured sentry instance
Summary: The debug subdomain uses Sentry for application monitoring and error tracking. This software comes with a feature known as source code scraping turned on by default which makes it is possible to make blind get requests from the server on which it is running. Steps To Reproduce: add detai...