Lucene search
K

267 matches found

Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.8 views

CVE-2024-11040

...

7.6AI score
Exploits0
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00703EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 a.m.7 views

CVE-2024-5186

A Server-Side Request Forgery SSRF vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...

8.3CVSS6.7AI score0.00344EPSS
Exploits1References1
NVD
NVD
added 2024/12/18 8:15 p.m.28 views

CVE-2024-52579

Misskey is an open source, federated social media platform. Some APIs using HttpRequestService do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or...

6.4CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/18 7:22 p.m.11 views

CVE-2024-52579 Server-Side Request Forgery vulnerability in various APIs in Misskey

Misskey is an open source, federated social media platform. Some APIs using HttpRequestService do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or...

6.4CVSS6.7AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2024/12/10 1:15 a.m.9 views

CVE-2024-47580

An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...

6.8CVSS0.00524EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 12:12 a.m.90 views

CVE-2024-47580

CVE-2024-47580 affects SAP NetWeaver AS Java (Adobe Document Service). An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment; by forcing the file to be an internal server file and downloading the PDF, they can read arbitrary server...

6.8CVSS6.5AI score0.00524EPSS
Exploits0References2
Citrix
Citrix
added 2024/10/07 12:0 a.m.7 views

Hotfix XS82ECU1074 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. Note: This hotfix is available only to customers on theCustomer Success Servicesprogram. Where To Get This Hotfix Download Citrix Hypervisor 8.2 Cumulative Update 1 hotfixes from...

7.2AI score
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.9 views

Applications in StoreFront Fail to Enumerate

When using Citrix Receiver running in Mac 11 to log on to StoreFront, the applications fail to enumerate. An internal server error occurs in the client device. The following is the log trace of the issue in StoreFront server: Log Name: Citrix Delivery ServicesSource: WebApplicationDate: 06/02/201...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.5 views

PT-2024-27348 · Microsoft +1 · Azure Blob Storage +1

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.1.0 through 2.14.3 Description: The issue allows an attacker with a CVAT account to exploit a feature by specifying custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob...

8.5CVSS7AI score0.00347EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.22 views

RHEL 5 : kdelibs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName CVE-2009-2702 - kf5-ki...

5.5CVSS6.5AI score0.0198EPSS
Exploits0References3
NVD
NVD
added 2024/05/22 5:15 a.m.21 views

CVE-2024-30420

Server-side request forgery SSRF vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain...

4.4CVSS6.5AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2024/05/22 4:35 a.m.68 views

CVE-2024-30420

CVE-2024-30420 is an SSRF flaw in a-blog cms affecting the 3.0.x (prior to 3.0.32) and 3.1.x (prior to 3.1.12) series. The vulnerability allows a user with administrator or higher privileges who can log in to the product to obtain arbitrary files on the server and access internal server informati...

4.4CVSS6.7AI score0.00317EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/27 7:15 p.m.24 views

CVE-2024-28247

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

7.6CVSS7.2AI score0.01414EPSS
Exploits2References2
CVE
CVE
added 2024/03/27 6:24 p.m.69 views

CVE-2024-28247

Pi-hole Core (DNS sinkhole) is affected by CVE-2024-28247 due to an authenticated Arbitrary File Read via the file:// handling path. The issue allows an authenticated user to read internal server files, exploiting local-file update logic where non-domain lines printed from a provided file could r...

7.6CVSS7.2AI score0.01414EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/03/27 6:24 p.m.32 views

CVE-2024-28247 Pihole Authenticated Arbitrary File Read with root privileges

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

7.6CVSS7.4AI score0.01414EPSS
Exploits2References2
Citrix
Citrix
added 2024/03/20 12:0 a.m.10 views

[NetScaler-Gateway] iOS CWA cannot connect to Store, 500 Internal Server Error 43549

You may encounter the issue when login with iOS workspace app, user cannot connect to StoreFront after login NetScaler gateway. In nstrace, you can observe the following symptom: 1. NetScaler responds iosc cookie to client: POST /nf/auth/webview/done HTTP/1.1...HTTP/1.1 200 OKSet-Cookie:...

6.8AI score
Exploits0
wpexploit
wpexploit
added 2024/03/07 12:0 a.m.173 views

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the followi...

9.4AI score0.00263EPSS
Exploits2References1
OSV
OSV
added 2024/01/31 5:15 p.m.35 views

PYSEC-2024-127

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...

5.3CVSS5.1AI score0.00737EPSS
Exploits1References3
Prion
Prion
added 2023/10/19 5:15 a.m.14 views

Server side request forgery (ssrf)

LangChain before 0.0.317 allows SSRF via documentloaders/recursiveurlloader.py because crawling can proceed from an external server to an internal server...

6.8CVSS8.6AI score0.44711EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder