Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2927 | 1 Jizhicms | 1 Jizhicms | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1634 | 1 Otcms | 1 Otcms | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016. | |||||
| CVE-2023-1046 | 1 Muyucms | 1 Muyucms | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | |||||
| CVE-2022-4725 | 1 Amazon | 1 Aws Software Development Kit | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability. | |||||
| CVE-2017-20157 | 1 Ariadne-cms | 1 Ariadne Component Library | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217140. | |||||
| CVE-2024-3970 | 2024-05-15 | N/A | 5.3 MEDIUM | ||
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal. | |||||
| CVE-2024-3485 | 2024-05-15 | N/A | 5.3 MEDIUM | ||
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. | |||||
| CVE-2024-4561 | 2024-05-15 | N/A | 4.2 MEDIUM | ||
| In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | |||||
| CVE-2024-4562 | 2024-05-15 | N/A | 5.4 MEDIUM | ||
| In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. | |||||
| CVE-2024-4894 | 2024-05-15 | N/A | 5.3 MEDIUM | ||
| ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information. | |||||
| CVE-2024-0862 | 2024-05-14 | N/A | 5.0 MEDIUM | ||
| The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses. | |||||
| CVE-2024-32964 | 2024-05-14 | N/A | 9.0 CRITICAL | ||
| Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information. | |||||
| CVE-2024-34351 | 2024-05-14 | N/A | 7.5 HIGH | ||
| Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. | |||||
| CVE-2024-35172 | 2024-05-14 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3. | |||||
| CVE-2024-23336 | 2024-05-01 | N/A | 5.0 MEDIUM | ||
| MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's _Disallowed Remote Addresses_ list (`$config['disallowed_remote_addresses']`) contains the address `127.0.0.1`, but does not include the complete block `127.0.0.0/8`. MyBB 1.8.38 resolves this issue in default installations. Administrators of installed boards should update the existing configuration (`inc/config.php`) to include all addresses blocked by default. Additionally, users are advised to verify that it includes any other IPv4 addresses resolving to the server and other internal resources. Users unable to upgrade may manually add 127.0.0.0/8' to their disallowed address list. | |||||
| CVE-2024-33634 | 2024-04-29 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||||
| CVE-2024-33627 | 2024-04-29 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. | |||||
| CVE-2024-33629 | 2024-04-29 | N/A | 4.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. | |||||
| CVE-2024-33590 | 2024-04-29 | N/A | 5.0 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | |||||
| CVE-2024-33592 | 2024-04-25 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | |||||