Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0419

Malware in sbrugna...

10CVSS9AI score0.01559EPSS
Exploits0References5
OSV
OSV
added 2024/10/28 9:15 p.m.5 views

CVE-2024-48107

SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...

6.5CVSS5.8AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.4 views

Linux Prometheus Blackbox Exporter 代码问题漏洞

Linux Prometheus Blackbox Exporter is a blackbox exporter from the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A security vulnerability exists in Linux Prometheus Blackbox Exporter version v0.23.0 that stems from the inclusi...

7.5CVSS7.3AI score0.00883EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.4 views

Reprise Software Reprise License Manager 代码问题漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. A code issue vulnerability exists i...

6.5CVSS6.6AI score0.00594EPSS
Exploits0References4
Prion
Prion
added 2021/09/15 5:15 p.m.13 views

Server side request forgery (ssrf)

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

5CVSS5.2AI score0.0085EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.6 views

UReport 代码问题漏洞

UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...

5.3CVSS5.7AI score0.0085EPSS
Exploits1References2
OSV
OSV
added 2019/04/18 2:27 p.m.31 views

GHSA-FVX3-G627-PHM2 Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

10CVSS9.4AI score0.01559EPSS
Exploits0References4
Prion
Prion
added 2019/04/01 5:29 p.m.17 views

Server side request forgery (ssrf)

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

7.5CVSS9.3AI score0.01559EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/01 5:29 p.m.27 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

10CVSS9.4AI score0.01559EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 5:29 p.m.13 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

10CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2019/04/01 4:21 p.m.21 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

9.4AI score0.01559EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/18 12:0 a.m.3 views

xml entity injection vulnerability in CLTPHP version 5.5.3

CLTPHP is a content management system developed in ThinkPHP with the Layui framework in the backend. CLTPHP version 5.5.3 has an XML entity injection vulnerability in the program implementation, which can be exploited by attackers to read arbitrary files, execute system commands, probe intranet...

7.5AI score
Exploits0
CNVD
CNVD
added 2017/07/11 12:0 a.m.6 views

niushop_b2c Pay.php has xml entity injection vulnerability

Niushop open source mall National first commercial free four-in-one completely open source 100% open source The country's first set of B2B2C multi-user mall + micro letter micro-distribution + e-commerce platform investment operation + iOS, Android multi-platform client PHP open source e-commerce...

7.6AI score
Exploits0
OSV
OSV
added 2016/09/24 10:59 a.m.4 views

CVE-2016-6531

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a...

9.8CVSS5.8AI score0.02489EPSS
Exploits0References3
Rows per page
Query Builder