Lucene search
K

397 matches found

nessus
nessus
added 2025/07/17 12:0 a.m.7 views

Oracle Coherence (July 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of Coherence installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class,...

5.3CVSS6.5AI score0.00986EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/06/26 12:0 a.m.3 views

PT-2025-27002 · Github · Octo-Sts

Name of the Vulnerable Software and Affected Versions: Octo-STS versions prior to v0.5.3 Description: Octo-STS is a GitHub App that acts like a Security Token Service STS for the GitHub API. The issue allows for unauthenticated Server-Side Request Forgery SSRF by abusing fields in OpenID Connect...

8.6CVSS7.2AI score0.0041EPSS
Exploits0References11
rosalinux
rosalinux
added 2025/06/23 7:57 a.m.8 views

Advisory ROSA-SA-2025-2901

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

9.1CVSS7.6AI score0.6795EPSS
Exploits6
ibm
ibm
added 2025/06/20 11:36 a.m.2 views

Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763]

Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet...

5.3CVSS5.1AI score0.00986EPSS
Exploits1Affected Software1
nvd
nvd
added 2025/06/19 10:15 p.m.6 views

CVE-2025-47293

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

6.9CVSS0.00371EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/06/19 9:35 p.m.5 views

CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

6.9CVSS7AI score0.00371EPSS
Exploits0References3
cvelist
cvelist
added 2025/06/19 9:35 p.m.17 views

CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

6.9CVSS0.00371EPSS
Exploits0References3
osv
osv
added 2025/06/19 9:35 p.m.7 views

CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

6.9CVSS6.6AI score0.00371EPSS
Exploits0References5
github
github
added 2025/06/19 2:29 p.m.11 views

PowSyBl Core XML Reader allows XXE and SSRF

Impact What kind of vulnerability is it? Who is impacted? In certain places, powsybl-core XML parsing is vulnerable to an XXE attack and in on place also to an SSRF attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive...

6.9CVSS6.5AI score0.00371EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2025/06/18 12:0 a.m.7 views

The vulnerabilities of the `sasl.oauthbearer.token.endpoint.url` and `sasl.oauthbearer.jwks.endpoint.url` configurations in the Apache Kafka message dispatcher client allow a attacker to perform an SSRF attack.

The vulnerabilities of the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url configurations in the Apache Kafka message dispatcher client are related to insufficient validation of incoming requests. Exploiting these vulnerabilities could allow a malicious actor to perform...

7.8CVSS7.2AI score0.62368EPSS
Exploits2References5Affected Software2
ptsecurity
ptsecurity
added 2025/06/16 12:0 a.m.4 views

PT-2025-30599 · Fast Reports · Fastreport .Net

Уязвимость библиотеки генерации отчетов и документов FastReport .NET связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ на чтение файлов и осуществить SSRF-атаку...

8.5CVSS7.3AI score
Exploits0References2
nvd
nvd
added 2025/06/10 1:15 a.m.12 views

CVE-2025-42988

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...

5.3CVSS0.00222EPSS
Exploits0References2
ibm
ibm
added 2025/06/03 8:19 a.m.8 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary jetty-http-12.0.9.jar, jetty-server-12.0.9.jar was vulnerable and IBM Engineering Systems Design Rhapsodyhas upgraded JARs to org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...

5.3CVSS6.1AI score0.00986EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/05/29 3:46 p.m.22 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 22 4.2.0.22 Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...

7.5CVSS8.6AI score0.01941EPSS
Exploits1Affected Software1
redhatcve
redhatcve
added 2025/05/23 9:58 a.m.6 views

CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13...

9.6CVSS6.8AI score0.3572EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:42 a.m.13 views

CVE-2024-4260

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

6.5CVSS6.8AI score0.00541EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/23 6:36 a.m.13 views

CVE-2024-10903

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation...

4.7CVSS6.8AI score0.00347EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 4:57 a.m.11 views

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

7.5CVSS6.6AI score0.00812EPSS
Exploits2
redhatcve
redhatcve
added 2025/05/23 4:38 a.m.6 views

CVE-2023-44384

Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discoursejiraverboselog site setting. A moderator user cou...

4.1CVSS6.8AI score0.00426EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 4:17 a.m.7 views

CVE-2023-48307

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...

9.8CVSS6.7AI score0.00866EPSS
Exploits0
Rows per page
Query Builder