49 matches found
SUSE CVE-2024-39573
Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2023-5877 affiliate-toolkit < 3.4.3 - Unauthenticated SSRF
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a...
SUSE-SU-2022:3250-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. - CVE-2022-35948: Fixed CRLF injection via Content-Type bsc1202383. - CVE-2022-29244: Fixed npm pack ignores...
Server side request forgery (ssrf)
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs...
CVE-2020-35850
An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think it is a big real-life issue...
Kaltura Community Edition 11.1.0-2 - Multiple Vulnerabilities
Kaltura Community Edition 11.1.0-2 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Kaltura Community Edition Multiple Vulnerabilities Affected versions: Kaltura Community...
Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Kaltura Community Edition Multiple Vulnerabilities Affected versions: Kaltura Community Edition =11.1.0-2 PDF:...
Server side request forgery (ssrf)
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery SSRF issue, a similar vulnerability to CVE-2013-0235...
CVE-2013-2199
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery SSRF issue, a similar vulnerability to CVE-2013-0235...