Lucene search
K

267 matches found

RedhatCVE
RedhatCVE
added 2025/08/14 5:26 a.m.14 views

CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...

5.1CVSS7.1AI score0.00151EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 10:46 p.m.19 views

CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension e.g., .jpg.txt, resulting in a persistent 500 Internal Server Error when attempting to view or edit that...

5.7CVSS6.7AI score0.00324EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/12 5:9 a.m.8 views

CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...

5.1CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/12 5:9 a.m.2 views

CVE-2025-7622

During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...

5.1CVSS7AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.5 views

PT-2025-32627 · Axis Communications · Axis Camera Station Pro

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An internal security assessment revealed a Server-Side Request Forgery SSRF issue. An authenticated attacker could exploit this to access internal resources o...

5.1CVSS7AI score0.00151EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/07/08 10:31 p.m.456 views

Exploit for CVE-2025-49132

CVE-2025-49132-poc I made this poc for CVE-2025-49132https...

10CVSS7.9AI score0.13105EPSS
Exploits28
NVD
NVD
added 2025/07/07 5:15 a.m.7 views

CVE-2025-53473

Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...

7.3CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/07 4:52 a.m.10 views

CVE-2025-53473

Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...

7.3CVSS0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.3 views

Nimesa Backup and Recovery 代码问题漏洞

Nimesa Backup and Recovery is a data backup and recovery software from Nimesa India. Nimesa Backup and Recovery suffers from a code issue vulnerability that stems from vulnerability to a server-side request forgery attack that could send unexpected requests to an internal server...

7.3CVSS7.6AI score0.00265EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.6 views

Red Hat build of Keycloak 安全漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...

2.7CVSS5.9AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.11 views

CVE-2021-25972

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

4.9CVSS6.5AI score0.00954EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.6 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.3CVSS7AI score0.00963EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.11 views

CVE-2020-27621

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...

4.3CVSS6.7AI score0.007EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/21 10:43 p.m.5 views

CVE-2002-1888

CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names...

2.1CVSS7AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/28 7:11 p.m.10 views

CVE-2022-39178

Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure...

5.3CVSS5.3AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:27 p.m.7 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS6.9AI score0.00703EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.9 views

FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00703EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-11040

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits0
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.8 views

CVE-2024-11040

...

7.6AI score
Exploits0
Rows per page
Query Builder