Github Security Blog · added 2025/04/04 6:34 a.m. · 8 views

Browsershot Server-Side Request Forgery (SSRF) via setURL() Function

Versions of the package spatie/browsershot from 0.0.0 to 5.0.3 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...

CVSS 8.8 · AI score 7.1 · EPSS 0.0046
Exploits 0 · References 4 · Affected software 1
NVD · added 2025/04/04 5:15 a.m. · 9 views

CVE-2025-3192

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...

CVSS 8.8 · EPSS 0.0046
Exploits 0 · References 2
Cvelist · added 2025/04/04 5:00 a.m. · 9 views

CVE-2025-3192

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...

CVSS 8.8 · EPSS 0.0046
Exploits 0 · References 2
Vulnrichment · added 2025/04/04 5:00 a.m. · 4 views

CVE-2025-3192

Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories...

CVSS 8.8 · AI score 7.1 · EPSS 0.0046
Exploits 0 · References 2
OSV · added 2025/04/03 4:15 a.m. · 3 views

CVE-2025-3139

A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The...

CVSS 7.8 · AI score 5.9
Exploits 0 · References 5
OSV · added 2025/02/10 10:14 p.m. · 1 view

CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...

CVSS 4 · AI score 7.1 · EPSS 0.00054
Exploits 0 · References 3
OSV · added 2025/02/10 8:25 p.m. · 6 views

GHSA-7723-35V7-QCXW Server-Side Request Forgery (SSRF) in activitypub_federation

Summary: This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. Details: The Webfinger endpoint takes a remote domain for checking accounts as a...

CVSS 4 · AI score 4.7 · EPSS 0.00054
Exploits 2 · References 3
Github Security Blog · added 2025/02/10 8:25 p.m. · 9 views

Server-Side Request Forgery (SSRF) in activitypub_federation

Summary: This vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request to any Host, Port and URL using a Webfinger Request. Details: The Webfinger endpoint takes a remote domain for checking accounts as a...

CVSS 4 · AI score 4.7 · EPSS 0.00054
Exploits 0 · References 3 · Affected software 1
CNNVD · added 2025/02/06 12:00 a.m. · 1 view

AppHouseKitchen AlDente Security Vulnerability

AppHouseKitchen AlDente is a battery charging restriction software from AppHouseKitchen. A security vulnerability exists in AppHouseKitchen AlDente version 1.29 and earlier, which stems from improper authorization of the XPC service and allows localhost attacks...

CVSS 5.3 · AI score 5.4 · EPSS 0.00061
Exploits 0 · References 4
RedhatCVE · added 2025/02/04 10:16 p.m. · 4 views

CVE-2024-35199

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports, 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

CVSS 8.2 · AI score 8.1 · EPSS 0.00069
Exploits 0 · References 1
NVD · added 2025/01/23 1:15 a.m. · 7 views

CVE-2024-42182

BigFix Patch Download Plug-ins are affected by a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost...

CVSS 2.5 · EPSS 0.00085
Exploits 0 · References 1
Vulnrichment · added 2025/01/23 1:05 a.m. · 6 views

CVE-2024-42182 HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability

BigFix Patch Download Plug-ins are affected by a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost...

CVSS 2.5 · AI score 6.9 · EPSS 0.00085
Exploits 0 · References 1
Positive Technologies · added 2025/01/23 12:00 a.m. · 4 views

PT-2025-6115 · Lemmy +1

Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior; activitypub_federation versions 0.6.2 and prior. Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request...

CVSS 4 · AI score 7.3 · EPSS 0.00054
Exploits 0 · References 12
ClickHouse · added 2025/01/05 12:00 a.m. · 12 views

CVE-2025-1385

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

CVSS 7.5 · AI score 6.2 · EPSS 0.00132
Exploits 0
Snyk · added 2025/01/01 6:46 a.m. · 1 view

Server-side Request Forgery (SSRF)

Overview: timetagger is a "Tag your time, get the insight" open source time tracker for individuals. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to binding to 0.0.0.0:80 by default and not checking for localhost requests in the getwebtokenlocalhost...

CVSS 8.7 · AI score 6.9
Exploits 0 · References 3
CNNVD · added 2024/12/27 12:00 a.m. · 2 views

Ruifang-tech Rebuild Security Vulnerability

Ruifang-tech Rebuild is a zero-code, open-source and free enterprise management system from China's Ruifang-tech. A security vulnerability exists in Ruifang-tech Rebuild version 3.8.6. An attacker can exploit the vulnerability by incorrectly manipulating the nexturl parameter with the input...

CVSS 5.3 · AI score 4.8 · EPSS 0.00159
Exploits 0 · References 4
NVD · added 2024/12/20 4:15 p.m. · 8 views

CVE-2024-12840

Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug...

Exploits 0
CVE · added 2024/12/20 3:47 p.m. · 44 views

CVE-2024-12840

This CVE entry is rejected/not used and does not represent an active vulnerability.

AI score 5.1
Exploits 0
Vulnrichment · added 2024/12/20 3:47 p.m. · 8 views

CVE-2024-12840

...

AI score 5.2
Exploits 0
Cvelist · added 2024/12/20 3:47 p.m. · 13 views

CVE-2024-12840

...

Exploits 0