7 matches found

OSV
added 2025/03/06 7:5 p.m. · 20 views

CVE-2025-27600 FastGPT SSRF

FastGPT is a knowledge-based platform built on LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...

CVSS 6.9 · AI score 6.8 · EPSS 0.00254
Exploits: 0 · References: 3

CNVD
added 2018/05/04 12:0 a.m. · 6 views

Cockpit Cross-Site Request Forgery Vulnerability

Cockpit is an open source CMS (Content Management System) for managing structured content. A server-side request forgery vulnerability exists in the /assets/lib/fuc.js.php file in Cockpit versions 0.4.4 through 0.5.5. A remote attacker can exploit this vulnerability to read arbitrary files or send...

CVSS 9.1 · AI score 7 · EPSS 0.08933
Exploits: 5 · References: 1

CNVD
added 2018/04/24 12:0 a.m. · 5 views

Digital Guardian Management Console Server-Side Cross-Site Request Forgery Vulnerability

Digital Guardian Management Console is a suite of data protection software from Digital Guardian, Inc. in the United States. The software is capable of providing software that locates enterprise networks, servers, databases, and clouds to stop malicious behavior by users or malware on endpoints. ...

CVSS 6.5 · AI score 6.9 · EPSS 0.01195
Exploits: 2 · References: 1

OSV
added 2018/04/20 9:29 p.m. · 6 views

CVE-2018-10174

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role...

CVSS 6.5 · AI score 5.9 · EPSS 0.01195
Exploits: 2 · References: 1

Positive Technologies
added 2018/04/10 12:0 a.m. · 4 views

PT-2018-5687 · Red Hat · Cockpit

Name of the Vulnerable Software and Affected Versions: Cockpit version 0.13.0
Description: The issue allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts. This is related to the use of the discontinued aheinze/fetch url contents component, specifically via the url...

CVSS 9.1 · AI score 8.9 · EPSS 0.0197
Exploits: 7 · References: 2

OSV
added 2016/06/30 11:59 p.m. · 5 views

CVE-2016-3647

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...

CVSS 7.7 · AI score 5.9 · EPSS 0.01851
Exploits: 0 · References: 3

ATTACKERKB
added 2006/12/04 11:28 a.m. · 3 views

CVE-2006-6264

Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering...

CVSS 7.5 · AI score 5.8 · EPSS 0.13779
Exploits: 0 · References: 4