267 matches found
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...
CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension e.g., .jpg.txt, resulting in a persistent 500 Internal Server Error when attempting to view or edit that...
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery SSRF vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...
PT-2025-32627 · Axis Communications · Axis Camera Station Pro
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An internal security assessment revealed a Server-Side Request Forgery SSRF issue. An authenticated attacker could exploit this to access internal resources o...
Exploit for CVE-2025-49132
CVE-2025-49132-poc I made this poc for CVE-2025-49132https...
CVE-2025-53473
Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...
CVE-2025-53473
Server-side request forgery SSRF vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers...
Nimesa Backup and Recovery 代码问题漏洞
Nimesa Backup and Recovery is a data backup and recovery software from Nimesa India. Nimesa Backup and Recovery suffers from a code issue vulnerability that stems from vulnerability to a server-side request forgery attack that could send unexpected requests to an internal server...
Red Hat build of Keycloak 安全漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...
CVE-2021-25972
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...
CVE-2020-11590
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...
CVE-2020-27621
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...
CVE-2002-1888
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names...
CVE-2022-39178
Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure...
CVE-2024-12376
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
CVE-2024-12376
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
CVE-2024-11040
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-11040
...