39 matches found
EUVD-2008-5819
Malware in sbrugna...
EUVD-2005-4747
Malware in sbrugna...
EUVD-2020-23368
Malware in sbrugna...
EUVD-2017-14622
Malware in sbrugna...
EUVD-2006-0182
Malware in sbrugna...
EUVD-2020-5734
Malware in sbrugna...
EUVD-2025-7793
Malicious code in bioql PyPI...
CVE-2020-13484
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...
CVE-2020-35710
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...
CVE-2025-27600
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
CVE-2025-27600
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
CVE-2025-27600 FastGPT SSRF
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
PT-2025-10000
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.9.0 Description The issue arises from the web crawling plug-in's failure to perform intranet IP verification. This allows an attacker to initiate an intranet IP request, causing the system to make a request through...
CVE-2024-37164
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-4084
A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm
A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
CVE-2024-4084 SSRF vulnerability in mintplex-labs/anything-llm
A Server-Side Request Forgery SSRF vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
After upgrade to 13.0-85.x or above, unable to access Citrix VPN.
Users getting " No Intranet IP available " post authentication to Citrix VPN. This is only seen in ADC version 13.0-85.x and above...
CVE-2020-35710
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...