Lucene search
+L

10878 matches found

Nuclei
Nuclei
added 14 hours ago111 views

MinIO Browser API - Server-Side Request Forgery

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. id: CVE-2021-21287 info: name: MinIO Browser API - Server-Side Request Forgery author: pikpikcu severity: high description: MinIO Browser API before version...

7.7CVSS7.3AI score0.24784EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago45 views

Geoserver - Server-Side Request Forgery

GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. id: CVE-2021-40822 info: name: Geoserver - Server-Side Request Forgery author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x throug...

7.5CVSS7.3AI score0.19761EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago107 views

Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

7.5CVSS7.4AI score0.06485EPSS
Exploits1References1
Nuclei
Nuclei
added 14 hours ago68 views

WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery

WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24150 info: name: WordPress Like Button Rating 2.6.32 - Server-Side Request Forgery...

7.5CVSS7.4AI score0.04337EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago111 views

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2CVSS6.2AI score0.01607EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago83 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS7.1AI score0.11377EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago30 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.9AI score0.06139EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago59 views

Netmask NPM Package - Server-Side Request Forgery

Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...

9.1CVSS7.3AI score0.16657EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago74 views

Formcraft3 <3.8.28 - Server-Side Request Forgery

Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. id: CVE-2022-0591 info: name: Formcraft3 3.8.28 - Server-Side Request Forgery author: Akincibor,j4vaovo severit...

9.1CVSS8.3AI score0.20249EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago13 views

Arcane <= 1.17.2 - Server-Side Request Forgery

Arcane = 1.17.3 contains an unauthenticated server-side request forgery caused by lack of URL scheme and host validation in /api/templates/fetch endpoint, letting remote attackers perform SSRF, exploit requires no authentication. id: CVE-2026-40242 info: name: Arcane = 1.17.2 - Server-Side Reques...

7.2CVSS5.3AI score0.00621EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago110 views

LMDeploy - Server-Side Request Forgery

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...

7.5CVSS5.8AI score0.4525EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago18 views

Dozzle - Server Side Request Forgery

Dozzle prior to 10.5.2 contains a server-side request forgery caused by unauthenticated access to POST /api/notifications/test-webhook forwarding attacker-controlled URLs, letting remote attackers send arbitrary HTTP POST requests and receive response data, exploit requires no authentication. id:...

8.6CVSS5.5AI score0.01491EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago37 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS5.4AI score0.00623EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago27 views

Qualitor <= v8.24 - Server-Side Request Forgery

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery SSRF via the component /request/viewValidacao.php. id: CVE-2024-48360 info: name: Qualitor = v8.24 - Server-Side Request Forgery author: s4e-io severity: high description: | Qualitor v8.24 was discovered to contain a Server-Si...

7.5CVSS5.2AI score0.03905EPSS
Exploits3References3
Nuclei
Nuclei
added 14 hours ago49 views

MindsDB -DNS Rebinding SSRF Protection Bypass

Detects DNS rebinding vulnerability that allows bypass of SSRF protection. The vulnerability exists in the URL validation mechanism where DNS resolution is performed without considering DNS rebinding attacks. id: CVE-2024-24759 info: name: MindsDB -DNS Rebinding SSRF Protection Bypass author: Lee...

9.3CVSS5.2AI score0.04936EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago80 views

Apache HTTPd Windows UNC - Server-Side Request Forgery

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new...

7.5CVSS6.3AI score0.6795EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago63 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.3AI score0.0357EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago93 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS5.8AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago479 views

Next.js - Server Side Request Forgery (SSRF)

Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. id: CVE-2024-34351 info: name: Next.js - Server Side Request Forgery SSRF author: righettod severity: high description: | Next.Js, inferior to version 14.1.1, have its image optimization built-in...

7.5CVSS7.5AI score0.05453EPSS
Exploits3References5
Nuclei
Nuclei
added 14 hours ago56 views

GitLab Enterprise Edition - Server-Side Request Forgery

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...

7CVSS7.2AI score0.03506EPSS
Exploits1References2
Rows per page
Query Builder