Lucene search
+L

255 matches found

Vulnrichment
Vulnrichment
added 2024/01/30 9:20 a.m.8 views

CVE-2024-1063

Appwrite = v1.4.13 is affected by a Server-Side Request Forgery SSRF via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159...

5.3CVSS6.8AI score0.00445EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/16 9:31 p.m.1 views

CVE-2024-0601 ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

6.5CVSS6.4AI score0.00482EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/12/13 9:2 p.m.6 views

CVE-2023-47619 Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of...

8.1CVSS8AI score0.00607EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

Theme Editor < 2.8 - Admin+ Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads which could allow users with administrator privileges or higher to upload arbitrary files on the affected site's server which may make remote code execution possible...

9.8AI score0.00603EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/13 12:0 a.m.6 views

PT-2023-32185 · Vriteio · Vrite

Name of the Vulnerable Software and Affected Versions: vriteio/vrite versions prior to 0.3.0 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository vriteio/vrite. SSRF is a type of attack where an attacker can trick a server into making requests to internal...

10CVSS9.2AI score0.00842EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/09/19 3:53 p.m.1 views

CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

5.4CVSS6.4AI score0.00386EPSS
Exploits0References2
Veracode
Veracode
added 2023/08/06 2:28 p.m.24 views

Arbitrary Code Execution

gitlab is vulnerable to Arbitrary Code Execution. An attacker can inject and execute malicious code on server...

9.9CVSS7.4AI score0.13108EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/04 12:0 a.m.10 views

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution RCE vulnerability that can be exploited through a server-side template injection SSTI flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

8.5AI score0.4111EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2023/04/06 4:2 p.m.8 views

CVE-2023-29010 BudiBase Server-Side Request Forgery vulnerability

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 07 March 2023 are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action...

6.5CVSS6.5AI score0.00647EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.5 views

PT-2023-22085 · Budibase · Budibase

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 2.4.3 Description: Budibase is a low code platform for creating internal tools, workflows, and admin panels. The issue can lead to an attacker gaining access to a Budibase AWS secret key due to Server-Side Request...

6.5CVSS6.5AI score0.00647EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/02/20 12:0 a.m.7 views

CVE-2023-26092

Liima before 1.17.28 allows server-side template injection...

9.7AI score0.00861EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.14 views

PT-2022-24289 · Esri · Arcgis Enterprise +1

🚨 CVE-2022-38212 Protections against potential Server-Side Request Forgery SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to...

7.5CVSS7.7AI score0.00876EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/21 12:0 a.m.5 views

CVE-2022-47635

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery SSRF via ZohoClient.php...

9.6AI score0.00621EPSS
Exploits0References1
Veracode
Veracode
added 2022/12/08 3:54 a.m.37 views

Denial Of Service (DoS)

github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server of httpstream.go due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command...

6.5CVSS6.3AI score0.01022EPSS
Exploits0References7Affected Software4
Vulnrichment
Vulnrichment
added 2022/10/26 12:0 a.m.6 views

CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

6.5AI score0.00656EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/09/23 3:28 p.m.5 views

CVE-2022-2971 MZ Automation libIEC61850 Access of Resource Using Incompatible Type ('Type Confusion')

MZ Automation's libIEC61850 versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload...

8.6CVSS8.5AI score0.00848EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/06 10:19 p.m.8 views

CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...

9.1CVSS9.4AI score0.00694EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/03/28 9:45 p.m.8 views

CVE-2022-24789 Deserialization of untrusted data in C1 CMS.

C1 CMS is an open-source, .NET based Content Management System CMS. Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery SSRF by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...

7.6CVSS7.4AI score0.00734EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 7:15 a.m.7 views

CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey...

7.5CVSS8.2AI score
Exploits0References14
NVD
NVD
added 2021/12/06 9:15 p.m.15 views

CVE-2021-4075

snipe-it is vulnerable to Server-Side Request Forgery SSRF...

7.2CVSS0.00893EPSS
Exploits1References2
Rows per page
Query Builder