7 matches found

Nuclei
added 2 days ago, 26 views

Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

9.8 CVSS, 7.5 AI score, 0.9388 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2026/01/09 10:19 a.m., 3 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

9.8 CVSS, 7 AI score, 0.9388 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2024/07/19 12:0 a.m., 22 views

Openfire SSRF (CVE-2019-18394)

The version of Openfire installed on the remote host is prior to 4.4.3. It is, therefore, affected by a server side request forgery vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Note that Nessus has not tested...

9.8 CVSS, 8.7 AI score, 0.9388 EPSS
Exploits: 1, References: 3
Prion
added 2022/03/18 5:15 a.m., 16 views

Server side request forgery (SSRF)

An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

5 CVSS, 8.5 AI score, 0.9388 EPSS
Exploits: 2, References: 5, Affected Software: 1
Circl
added 2020/08/05 2:30 p.m., 23 views

CVE-2019-18394

creationtimestamp | type | source
---|---|---
2020-08-05 14:30:53+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1539
2022-03-18 11:22:27+00:00 | seen | https://t.me/cibsecurity/39191
2024-01-27 10:16:26+00:00 | seen | https://t.me/ctinow/174727
2024-07-12 17:35:05+00:00 |...

9.8 CVSS, 7.3 AI score, 0.9388 EPSS
In wild, Exploits: 1, References: 5
Gitee
added 2020/07/24 5:46 p.m., 3 views

Exploit for Path Traversal in Igniterealtime Openfire

PoC exploit for CVE-2019-18393 and CVE-2019-18394, which are related to MongoDB and Redis vulnerabilities. The repository contains information on how to exploit these vulnerabilities, including a demonstration of how an attacker can gain unauthorized access to a MongoDB database and a Redis serve...

9.8 CVSS, 7.2 AI score, 0.9388 EPSS
Exploits: 1
CVE
added 2019/10/24 10:58 a.m., 217 views

CVE-2019-18394

Ignite Realtime Openfire before version 4.4.3 is affected by a Server-Side Request Forgery (SSRF) in FaviconServlet.java, allowing attackers to send arbitrary HTTP GET requests. The vulnerability affects Openfire up to 4.4.2; exploitation is facilitated by the SSRF flaw in the FaviconServlet. Rem...

9.8 CVSS, 8.5 AI score, 0.9388 EPSS
In wild, Exploits: 1, References: 2, Affected Software: 1