Search
Total
703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51441 | 1 Apache | 1 Axis | 2024-01-12 | N/A | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. | |||||
| CVE-2024-0308 | 1 Inis Project | 1 Inis | 2024-01-12 | N/A | 8.8 HIGH |
| A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875. | |||||
| CVE-2023-26438 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 3.1 LOW |
| External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | |||||
| CVE-2023-26435 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 5.0 MEDIUM |
| It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known. | |||||
| CVE-2023-26431 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 4.3 MEDIUM |
| IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known. | |||||
| CVE-2023-26442 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-01-12 | N/A | 3.2 LOW |
| In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | |||||
| CVE-2024-0303 | 1 Youke365 | 1 Youke 365 | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0304 | 1 Youke365 | 1 Youke 365 | 2024-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871. | |||||
| CVE-2022-3708 | 1 Google | 1 Web Stories | 2024-01-09 | N/A | 8.1 HIGH |
| The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2022-48321 | 1 Tribe29 | 1 Checkmk | 2024-01-09 | N/A | 3.3 LOW |
| Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | |||||
| CVE-2024-21642 | 2024-01-08 | N/A | N/A | ||
| D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. | |||||
| CVE-2022-42890 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | |||||
| CVE-2022-40146 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-44730 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2024-01-07 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | |||||
| CVE-2022-41704 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | |||||
| CVE-2022-38648 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2019-17566 | 2 Apache, Oracle | 18 Batik, Api Gateway, Business Intelligence and 15 more | 2024-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | |||||
| CVE-2020-11987 | 3 Apache, Fedoraproject, Oracle | 18 Batik, Fedora, Banking Apis and 15 more | 2024-01-07 | 6.4 MEDIUM | 8.2 HIGH |
| Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | |||||
| CVE-2022-38398 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-44729 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2024-01-07 | N/A | 7.1 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | |||||
| CVE-2023-51676 | 1 Wedevs | 1 Happy Addons For Elementor | 2024-01-05 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.9.1.1. | |||||
| CVE-2023-7078 | 1 Cloudflare | 1 Miniflare | 2024-01-05 | N/A | 8.1 HIGH |
| Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. | |||||
| CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-51467 | 1 Apache | 1 Ofbiz | 2024-01-04 | N/A | 9.8 CRITICAL |
| The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | |||||
| CVE-2023-50968 | 1 Apache | 1 Ofbiz | 2024-01-04 | N/A | 7.5 HIGH |
| Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. | |||||
| CVE-2023-51451 | 1 Sentry | 1 Symbolicator | 2024-01-03 | N/A | 4.3 MEDIUM |
| Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could be exposed via Symbolicator's API. In affected Sentry instances, the data could be exposed through the Sentry API and user interface if the attacker has a registered account. The issue has been fixed in Symbolicator release 23.12.1, Sentry self-hosted release 23.12.1, and has already been mitigated on sentry.io on December 18, 2023. If updating is not possible, some other mitigations are available. One may disable JS processing by toggling the option `Allow JavaScript Source Fetching` in `Organization Settings > Security & Privacy` and/or disable all untrusted public repositories under `Project Settings > Debug Files`. Alternatively, if JavaScript and native symbolication are not required, disable Symbolicator completely in `config.yml`. | |||||
| CVE-2023-50258 | 1 Pymedusa | 1 Medusa | 2024-01-03 | N/A | 5.3 MEDIUM |
| Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | |||||
| CVE-2023-50259 | 1 Pymedusa | 1 Medusa | 2024-01-03 | N/A | 5.3 MEDIUM |
| Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue. | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.5 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 9.8 CRITICAL |
| A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | |||||
| CVE-2023-7037 | 1 Automad | 1 Automad | 2023-12-29 | N/A | 8.8 HIGH |
| A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-248686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-34473 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 10.0 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 7.5 HIGH |
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | |||||
| CVE-2022-3172 | 1 Kubernetes | 1 Apiserver | 2023-12-21 | N/A | 8.2 HIGH |
| A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | |||||
| CVE-2022-40312 | 1 Givewp | 1 Givewp | 2023-12-21 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1. | |||||
| CVE-2023-48379 | 1 Softnext | 1 Mail Sqr Expert | 2023-12-21 | N/A | 5.3 MEDIUM |
| Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | |||||
| CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2023-12-20 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-40630 | 1 Joomcode | 1 Jcdashboard | 2023-12-20 | N/A | 9.8 CRITICAL |
| Unauthenticated LFI/SSRF in JCDashboards component for Joomla. | |||||
| CVE-2023-6853 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability. | |||||
| CVE-2023-6852 | 1 Kodcloud | 1 Kodexplorer | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220. | |||||
| CVE-2023-6849 | 1 Kodcloud | 1 Kodbox | 2023-12-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-49159 | 1 Sean-barton | 1 Commentluv | 2023-12-19 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.This issue affects CommentLuv: from n/a through 3.0.4. | |||||
| CVE-2023-50266 | 1 Bazarr | 1 Bazarr | 2023-12-19 | N/A | 5.3 MEDIUM |
| Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols. | |||||
| CVE-2023-47619 | 1 Audiobookshelf | 1 Audiobookshelf | 2023-12-19 | N/A | 6.5 MEDIUM |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | |||||
| CVE-2023-6570 | 1 Kubeflow | 1 Kubeflow | 2023-12-18 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in kubeflow/kubeflow | |||||
| CVE-2023-49795 | 1 Mindsdb | 1 Mindsdb | 2023-12-14 | N/A | 5.3 MEDIUM |
| MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | |||||
| CVE-2023-49799 | 1 Johannschopplich | 1 Nuxt Api Party | 2023-12-13 | N/A | 7.5 HIGH |
| `nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs. | |||||
| CVE-2023-46641 | 1 Code4recovery | 1 12 Step Meeting List | 2023-12-12 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24. | |||||
| CVE-2022-45362 | 1 Paytm | 1 Payment Gateway | 2023-12-12 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |||||