Total
1195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47619 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-02-28 | N/A | 6.5 MEDIUM |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | |||||
| CVE-2022-40312 | 1 Givewp | 1 Givewp | 2024-02-28 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1. | |||||
| CVE-2023-6991 | 1 Surniaulula | 1 Jsm File Get Contents\(\) Shortcode | 2024-02-28 | N/A | 8.8 HIGH |
| The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. | |||||
| CVE-2024-22205 | 1 Benbusby | 1 Whoogle Search | 2024-02-28 | N/A | 9.8 CRITICAL |
| Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | |||||
| CVE-2023-50266 | 1 Bazarr | 1 Bazarr | 2024-02-28 | N/A | 5.3 MEDIUM |
| Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. | |||||
| CVE-2023-51451 | 1 Sentry | 1 Symbolicator | 2024-02-28 | N/A | 4.3 MEDIUM |
| Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | |||||
| CVE-2022-45362 | 1 Paytm | 1 Payment Gateway | 2024-02-28 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |||||
| CVE-2023-38627 | 1 Trendmicro | 1 Apex Central | 2024-02-28 | N/A | 5.4 MEDIUM |
| A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | |||||
| CVE-2024-22203 | 1 Benbusby | 1 Whoogle Search | 2024-02-28 | N/A | 9.8 CRITICAL |
| Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | |||||
| CVE-2024-23838 | 1 Truelayer | 1 Truelayer.net | 2024-02-28 | N/A | 7.5 HIGH |
| TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected. | |||||
| CVE-2023-6570 | 1 Kubeflow | 1 Kubeflow | 2024-02-28 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in kubeflow/kubeflow | |||||
| CVE-2024-22648 | 1 Seopanel | 1 Seo Panel | 2024-02-28 | N/A | 5.3 MEDIUM |
| A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | |||||
| CVE-2024-22408 | 1 Shopware | 1 Shopware | 2024-02-28 | N/A | 8.1 HIGH |
| Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed in the Commercial Plugin release 6.5.7.4 or with the Security Plugin. For installations with Shopware 6.4 the Security plugin is recommended to be installed and up to date. For older versions of 6.4 and 6.5 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | |||||
| CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2024-02-28 | N/A | 7.5 HIGH |
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | |||||
| CVE-2023-47116 | 1 Humansignal | 1 Label Studio | 2024-02-28 | N/A | 5.3 MEDIUM |
| Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack. | |||||
| CVE-2023-46207 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2024-02-28 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | |||||
| CVE-2024-1063 | 1 Appwrite | 1 Appwrite | 2024-02-28 | N/A | 7.5 HIGH |
| Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. | |||||
| CVE-2023-51467 | 1 Apache | 1 Ofbiz | 2024-02-28 | N/A | 9.8 CRITICAL |
| The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | |||||
| CVE-2024-0628 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2024-02-28 | N/A | 3.8 LOW |
| The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2023-40969 | 1 Slims | 1 Senayan Library Management System | 2024-02-28 | N/A | 6.1 MEDIUM |
| Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | |||||