Lucene search
K

90505 matches found

Nuclei
Nuclei
added 7 hours ago78 views

Rocket.Chat - Server-Side Request Forgery (SSRF)

A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. id: CVE-2024-39713 info: name: Rocket.Chat - Server-Side Request Forgery SSRF author: iamnoooob,rootxharsh,pdresearch severity: high description: | A Server-Side Request Forgery SSRF affects...

8.6CVSS7AI score0.03201EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.3AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added 7 hours ago33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
Nuclei
Nuclei
added 7 hours ago24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6.1AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago24 views

Qualitor <= v8.24 - Server-Side Request Forgery

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery SSRF via the component /request/viewValidacao.php. id: CVE-2024-48360 info: name: Qualitor = v8.24 - Server-Side Request Forgery author: s4e-io severity: high description: | Qualitor v8.24 was discovered to contain a Server-Si...

7.5CVSS6AI score0.03905EPSS
Exploits3References3
Nuclei
Nuclei
added 7 hours ago118 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

8.2CVSS7.1AI score0.11595EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago92 views

DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code. id: CVE-2018-7700 info: name: DedeCMS 5.7SP2 - Cross-Site...

8.8CVSS7.2AI score0.74842EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago82 views

WordPress JSmol2WP <=1.07 - Local File Inclusion

WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...

7.5CVSS6.8AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added 7 hours ago36 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

10CVSS7AI score0.39137EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago61 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.5AI score0.0357EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago42 views

NextChat - Server-Side Request Forgery

NextChat v2.12.3 suffers from a Server-Side Request Forgery SSRF and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...

7.4CVSS6.1AI score0.02186EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago80 views

Apache HTTPd Windows UNC - Server-Side Request Forgery

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new...

7.5CVSS6.7AI score0.6795EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago47 views

Lobe Chat <= v0.150.5 - Server-Side Request Forgery

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

9CVSS7AI score0.52683EPSS
Exploits2References4
Nuclei
Nuclei
added 7 hours ago93 views

Owncast - Server Side Request Forgery

Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...

8.3CVSS6.9AI score0.01356EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago51 views

XWiki >= 6.0-rc-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02081EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago64 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.7AI score0.01784EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago84 views

Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)

Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter requesturi. This allows an attacker to execute a server-side request forgery SSRF attack. id: CVE-2020-10770 info: name: Keycloak = 12.0.1 - requesturi Blind Server-Side Request...

5.3CVSS6.5AI score0.69724EPSS
Exploits5References5
Nuclei
Nuclei
added 7 hours ago44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago8 views

LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery

LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...

9CVSS6.1AI score0.0178EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
Rows per page
Query Builder