403 matches found
Youke365 Security Breach
Youke365 is a professional website navigation system from the Chinese company Youke365. A security vulnerability exists in Youke365 1.5.3 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability in the file /app/controller/caiji.php...
Inis Code Issues Vulnerabilities
Inis is a web application. A code issue vulnerability exists in Inis 2.0.1 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability in the file app/api/controller/default/Proxy.php...
WordPress Plugin affiliate-toolkit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
Audiobookshelf Code Issue Vulnerability
Audiobookshelf is an open source self-hosted audiobook and podcast server from audiobookshelf. A code issue vulnerability exists in Audiobookshelf versions prior to 2.7.0, which stems from a server-side request forgery (SSRF) vulnerability in Auth.js...
Audiobookshelf Code Issue Vulnerability
Audiobookshelf is an open source self-hosted audiobook and podcast server from audiobookshelf. A code issue vulnerability exists in Audiobookshelf versions prior to 2.7.0, which stems from a server-side request forgery (SSRF) vulnerability in podcastUtils.js...
automad Code Issues Vulnerabilities
automad is a flat file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability in the function import in the file FileController.php...
Bazarr Code Issue Vulnerability
Bazarr, from Bazarr, is a companion application to Sonarr and Radarr that manages and downloads subtitles according to your requirements. A code issue vulnerability exists in Bazarr version 1.2.4, which stems from a server-side request forgery (SSRF) vulnerability in the file...
CVE-2023-49563
Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
EspoCRM Code Issues Vulnerabilities
EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A code issue vulnerability exists in EspoCRM 8.0.2 and prior versions that stems from the presence of a Server Request Forgery SS...
UBUNTU-CVE-2022-45592
(1) Server Side Request Forgery (SSRF), (2) persistent Cross site scripting (XSS), and (3) File upload vulnerability...
GHSA-QW4H-3XJJ-84CC Apache Tiles: Unvalidated input may lead to path traversal and XXE
The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...
Trellix Enterprise Security Manager Code Issue Vulnerability
Trellix Enterprise Security Manager is an application from the American company FireEye Trellix, Inc. for real-time monitoring and analysis that enables you to quickly prioritize, investigate and respond to hidden threats. A code issue vulnerability exists in Trellix Enterprise Security Manager versions prior to...
PublicCMS Security Vulnerabilities
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS of China. A security vulnerability exists in PublicCMS version v.4.0.202302.e, which stems from the presence of a server-side request forgery (SSRF) vulnerability. An attacker can exploit the vulnerability to obtain...
ZOHO ManageEngine Desktop Central Code Issue Vulnerability
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A code issue...
GHSA-JHWW-FX2J-3RF7 FoodCoopShop Server-Side Request Forgery vulnerability
There is a potential SSRF vulnerability in foodcoopshop. Since there is no security policy on your Github, I tried to use the emails to contact you. The potential issue is in the Network module, where a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a...
WordPress Plugin Assistant Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Home Assistant Code Issue Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant Companion versions prior to 2023.7, which stems from a server-side request forgery (SSRF) vulnerability in the component...
Zabbix Security Vulnerabilities
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a server-side request forgery (SSRF) vulnerability in the Frontend component...
Discourse Code Issue Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse Discourse-jira, which stems from a vulnerability that allows an attacker to conduct a server-side request forgery (SSRF) attack by...
CVE-2023-32791 Cross-Site Request Forgery on NXLog Manager
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of t...