46 matches found

NVD
added 2025/03/20 10:15 a.m., 18 views

CVE-2024-12450

In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...

CVSS 9.8, EPSS 0.01211
Exploits: 1, References: 2
Tenable Nessus
added 2025/02/10 12:00 a.m., 25 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-38472)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38472 advisory. - SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF a...

CVSS 7.5, AI score 6.9, EPSS 0.6795
Exploits: 1, References: 2
Github Security Blog
added 2025/02/06 5:07 p.m., 33 views

Mitmweb API Authentication Bypass Using Proxy Server

Impact: In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to :8080 by default) to access mitmweb's internal API (bound to 127.0.0.1:8081 by default). In other words, while the client cannot access the API directly (good), they can access the API through the proxy (bad)...

CVSS 8.2, AI score 7.4, EPSS 0.00761
Exploits: 0, References: 7, Affected Software: 1
RedhatCVE
added 2025/02/05 2:33 a.m., 13 views

CVE-2024-42467

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...

CVSS 10, AI score 6.8, EPSS 0.01035
Exploits: 0, References: 1
GithubExploit
added 2025/01/16 12:14 a.m., 281 views

Exploit for Server-Side Request Forgery in Microsoft

SSRF Exploit Script: This repository contains a script designe...

CVSS 8.8, AI score 9.8, EPSS 0.24441
Exploits: 1
GithubExploit
added 2024/08/27 3:10 p.m., 1636 views

Exploit for CVE-2024-34351

CVE-2024-34351 Exploit - CVE-2024-34351 PoC https://github...

CVSS 7.5, AI score 7.5, EPSS 0.05453
Exploits: 3
GithubExploit
added 2024/01/02 2:20 p.m., 188 views

Exploit for Code Injection in Apache Ofbiz

Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...

CVSS 9.8, AI score 10, EPSS 0.96001
Exploits: 16
wpexploit
added 2023/12/21 12:00 a.m., 185 views

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

Description: The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. wpfgc url="http://127.0.0.1:8084"...

CVSS 8.8, AI score 6.8, EPSS 0.00694
Exploits: 2
GithubExploit
added 2023/12/12 11:56 a.m., 816 views

Exploit for Server-Side Request Forgery in Resf Rocky_Linux

CVE-2021-40438 - Apache <= 2.4.48 - SSRF Python exploit A craf...

CVSS 9, AI score 8.7, EPSS 0.99999
Exploits: 5
Packet Storm
added 2023/10/10 12:00 a.m., 265 views

Webedition CMS 2.9.8.8 Server-Side Request Forgery

Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...

AI score 7.1
Exploits: 0
Prion
added 2022/11/03 2:15 p.m., 25 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...

CVSS 5, AI score 5.3, EPSS 0.00591
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2022/11/03 12:00 a.m., 26 views

CVE-2022-39276 Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...

CVSS 3.5, AI score 6.5, EPSS 0.00591
Exploits: 1, References: 4
CVE
added 2022/11/03 12:00 a.m., 77 views

CVE-2022-39276

GLPI (Gestionnaire Libre de Parc Informatique) contains a SSRF-type issue in the planning features (RSS feeds or external calendar). If a remote script returns a redirect, the target URL isn’t checked against the administrator’s allow-list, enabling potential redirection-based access. This CVE (C...

CVSS 5.3, AI score 4.9, EPSS 0.00591
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2022/11/03 12:00 a.m., 10 views

CVE-2022-39276 Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...

CVSS 3.5, AI score 7.2, EPSS 0.00591
Exploits: 1, References: 2
UbuntuCve
added 2022/09/14 6:15 p.m., 45 views

CVE-2022-36112

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or external calendar in planning is subject to SSRF exploit. Server-side requests ca...

CVSS 5.8, AI score 6.8, EPSS 0.00459
Exploits: 0, References: 3
CVE
added 2022/09/14 5:45 p.m., 76 views

CVE-2022-36112

GLPI (Gestionnaire Libre de Parc Informatique) contains a blind Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-36112) affecting RSS feeds and planning features. The underlying issue allows server-side requests to be made from the GLPI server to internal ports/services on its private n...

CVSS 5.8, AI score 5, EPSS 0.00459
Exploits: 0, References: 2, Affected Software: 1
wpexploit
added 2022/09/05 12:00 a.m., 702 views

Post SMTP < 2.1.7 - Admin+ Blind SSRF

The plugin does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example. Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fporttest Inside "Outgoing Mail Server Hostname"...

CVSS 7.2, AI score 1.2, EPSS 0.01028
Exploits: 2
OSV
added 2022/01/04 5:15 p.m., 25 views

CVE-2022-0086 Server-Side Request Forgery (SSRF) in transloadit/uppy

uppy is vulnerable to Server-Side Request Forgery (SSRF)...

CVSS 8.2, AI score 8.2, EPSS 0.01207
Exploits: 1, References: 4
Packet Storm
added 2021/06/16 12:00 a.m., 209 views

CKEditor 3 Server-Side Request Forgery

Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) Google Dorks: inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version: all versions under 4 (1, 2, 3) Tested on: Windows 7 Steps of Exploit: 1- using google...

AI score 0.7
Exploits: 0
GithubExploit
added 2021/03/22 7:13 a.m., 134 views

Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager

Vuln Impact: This vulnerability allows for unauthenticated at...

CVSS 10, AI score 9.8, EPSS 0.99898
Exploits: 20