19 matches found
EUVD-2022-3768
Malicious code in bioql PyPI...
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
CVE-2024-32965 ssrf vulnerability in lobe-chat
Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...
CVE-2024-32965 ssrf vulnerability in lobe-chat
Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...
GHSA-2XCC-VM3F-M8RW @lobehub/chat Server Side Request Forgery vulnerability
Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...
@lobehub/chat Server Side Request Forgery vulnerability
Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat by now v0.141.2 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent you...
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...
CVE-2024-32964
Summary of the CVE-2024-32964 family (Lobe Chat): A Server-Side Request Forgery vulnerability was reported in Lobe Chat prior to version 0.150.6, targeting the /api/proxy endpoint. Connected sources consistently describe an unauthenticated SSRF where an attacker can persuade the server to fetch ...
UBUNTU-CVE-2023-26735
DISPUTED blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
Gogs and Gitea SSRF Vulnerability
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
GHSA-FG3X-RWQ9-74CW Gogs and Gitea SSRF Vulnerability
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
Server-Side Request Forgery (SSRF)
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
Design/Logic Flaw
The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.6410.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs...
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services...
CVE-2018-15192
CVE-2018-15192 is an SSRF vulnerability in the webhook handling of Gitea (up to 1.5.0-rc2) and Gogs (up to 0.11.53). The issue arises when webhook URLs are processed, allowing an attacker to trigger requests from the vulnerable server to internal (intranet) services. Multiple sources describe th...
Centrinity FirstClass 5.77 - Intranet Server Long Header Denial of Service
source: https://www.securityfocus.com/bid/1421/info If an E-mail containing an excessively long To: field in the header (1.5 MB) is processed by First Class Intranet Services (FCIS), a Denial of Service can occur...