20 matches found
CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...
EUVD-2021-25854
Malware in sbrugna...
EUVD-2021-28800
Malicious code in bioql PyPI...
EUVD-2025-2774
Malicious code in bioql PyPI...
EUVD-2024-39120
Malicious code in bioql PyPI...
EUVD-2024-20181
Malicious code in bioql PyPI...
EUVD-2023-49459
Malicious code in bioql PyPI...
webfinger.js Blind SSRF Vulnerability
Description The lookup function takes a user address for checking accounts as a feature, however, as per the ActivityPub spec https://www.w3.org/TR/activitypub/security-considerations, on the security considerations section at B.3, access to Localhost services should be prevented while running in...
GHSA-8XQ3-W9FX-74RV webfinger.js Blind SSRF Vulnerability
Description The lookup function takes a user address for checking accounts as a feature, however, as per the ActivityPub spec https://www.w3.org/TR/activitypub/security-considerations, on the security considerations section at B.3, access to Localhost services should be prevented while running in...
CVE-2024-22648
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment...
CVE-2022-39383
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're...
CVE-2025-22399
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery...
CVE-2025-22399
Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery...
CVE-2025-22399
Dell UCC Edge 2.3.0 is affected by a Blind SSRF in the Add Customer SFTP Server component. The vulnerability allows an unauthenticated, locally located attacker to trigger server-side requests, impacting confidentiality, integrity, and availability as indicated by CVSS metrics (high impact, local...
CVE-2024-22648
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment...
CVE-2023-45966
The CVE-2023-45966 entry concerns umputun remark42 (versions 1.12.1 and earlier) with a Blind Server-Side Request Forgery (SSRF) vulnerability. Affected component: remark42; root cause is SSRF that is not fully exposed in the provided details. Impact per CVSS indicates high confidentiality impact...
Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...
GO-2022-1113 Server-side request forgery in github.com/oam-dev/kubevela
When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability...
Nextcloud: Mail app - blind SSRF via smtpHost parameter
A blind SSRF vulnerability was discovered in the Nextcloud Mail application, allowing an attacker to retrieve services running locally on the server and scan the internal network for information. The vulnerability was found in the smtpHost parameter and could be exploited by any user with the mai...
CVE-2022-30579 TIBCO Spotfire Server Blind SSRF vulnerability
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...