Total: 1167 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-25753 | 1 Apache | 1 Shenyu | 2023-10-25 | N/A | 6.5 MEDIUM |
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows an attacker to send arbitrary requests and retrieve the corresponding responses by supplying any URL in the requestUrl parameter. Of particular concern is the attacker's control over the HTTP method, cookies, IP address and headers, which effectively grants the capability to dispatch complete HTTP requests to hosts of their choosing. This issue affects Apache ShenYu: 2.5.1. Upgrade to Apache ShenYu 2.6.0 or apply patch https://github.com/apache/shenyu/pull/4776 . | |||||
CVE-2023-46229 | 1 Langchain | 1 Langchain | 2023-10-25 | N/A | 8.8 HIGH |
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | |||||
CVE-2023-45660 | 1 Nextcloud | 1 Mail | 2023-10-20 | N/A | 4.3 MEDIUM |
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions, a missing check of origin, target and cookies allows an attacker to abuse the proxy endpoint to mount a denial of service against a third-party server. It is recommended that Nextcloud Mail be upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability. | |||||
CVE-2023-24515 | 1 Pandorafms | 1 Pandora Fms | 2023-10-18 | N/A | 6.5 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in the API checker of Pandora FMS. The application does not check the URL scheme used when retrieving the API URL. Rather than validating the http/https scheme, it allows other schemes such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 and prior versions on all platforms. | |||||
CVE-2023-5572 | 1 Vrite | 1 Vrite | 2023-10-17 | N/A | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | |||||
CVE-2023-42477 | 1 Sap | 1 Netweaver Application Server Java | 2023-10-16 | N/A | 6.5 MEDIUM |
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | |||||
CVE-2023-26366 | 1 Adobe | 2 Commerce, Magento | 2023-10-14 | N/A | 6.8 MEDIUM |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary. | |||||
CVE-2023-44384 | 1 Discourse | 1 Discourse Jira | 2023-10-11 | N/A | 4.1 MEDIUM |
Discourse-jira is a Discourse plugin that syncs Jira projects, issue types, fields and field options automatically. An administrator user can mount an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials used by the application, potentially with elevated permissions. | |||||
CVE-2023-44469 | 1 Lemonldap-ng | 1 Lemonldap\ | 2023-10-08 | N/A | 4.3 MEDIUM |
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | |||||
CVE-2023-3744 | 1 Slims | 1 Senayan Library Management System | 2023-10-04 | N/A | 8.8 HIGH |
Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | |||||
CVE-2021-24371 | 1 Carrcommunications | 1 Rsvpmaker | 2023-09-30 | 4.0 MEDIUM | 2.7 LOW |
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes a URL as input and calls curl on it without first validating that it points to a remote host. As a result, a high-privilege user could use that feature to scan the internal network via an SSRF attack. | |||||
CVE-2023-41449 | 1 Phpkobo | 1 Ajaxnewsticker | 2023-09-28 | N/A | 9.8 CRITICAL |
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | |||||
CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2023-09-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | |||||
CVE-2023-42812 | 1 Galaxyproject | 1 Galaxy | 2023-09-25 | N/A | 4.3 MEDIUM |
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue. | |||||
CVE-2023-42398 | 1 Zzcms | 1 Zzcms | 2023-09-20 | N/A | 9.8 CRITICAL |
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. | |||||
CVE-2023-4878 | 1 Instantcms | 1 Instantcms | 2023-09-19 | N/A | 5.4 MEDIUM |
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | |||||
CVE-2022-24568 | 1 Xxyopen | 1 Novel-plus | 2023-09-13 | 7.5 HIGH | 9.8 CRITICAL |
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | |||||
CVE-2023-39967 | 1 Wiremock | 1 Studio | 2023-09-13 | N/A | 10.0 CRITICAL |
WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via the "TestRequester" functionality, webhooks and the proxy mode. Because the HTTP method, headers and body can be controlled, this allows sending requests with the default level of credentials of the WireMock instance. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives. | |||||
CVE-2023-41327 | 1 Wiremock | 2 Studio, Wiremock | 2023-09-12 | N/A | 5.4 MEDIUM |
WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for webhooks, so users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, if the WireMock Docker container is running inside a private cluster, an attacker can trigger internal POST requests against unsecured APIs, or even against secured ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of WireMock. WireMock Studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations. | |||||
CVE-2023-41937 | 1 Jenkins | 1 Bitbucket Push And Pull Request | 2023-09-11 | N/A | 7.5 HIGH |
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. |
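Added example, not code from any project in this list: the outbound-target check that several entries above lack (the missing scheme check of CVE-2023-24515, curl on an unvalidated URL in CVE-2021-24371, the "@127.0.0.1:1234" userinfo form of CVE-2023-39967) and, for the crawler case of CVE-2023-46229, a re-check of every discovered link so a crawl begun on an external site cannot be steered onto internal hosts. The DNS table, hostnames, addresses and pages are constructed so it runs offline; the projects' own code is not shown or assumed.

```python
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}       # file:, gopher:, dict:, ... are refused
HREF_RE = re.compile(r'href="([^"]+)"')    # sufficient for the constructed pages below
Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve host with the OS resolver (A and AAAA); [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    # ::ffff:10.0.0.1 reaches 10.0.0.1 on the wire, so judge it by the IPv4 rules.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def check_target(url: str, resolver: Resolver = system_resolver) -> Optional[str]:
    """Return None if url may be requested, otherwise the reason it may not.

    Refuses non-http(s) schemes, userinfo (the "x@127.0.0.1:1234" shape, where the
    real host is whatever follows the '@'), missing or unresolvable hosts, and any
    host for which even one resolved address is loopback/private/link-local/etc.
    """
    try:
        parts = urlsplit(url)
        _ = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return "userinfo in URL"
    host = parts.hostname
    if not host:
        return "no host"
    ips = resolver(host)
    if not ips:
        return f"{host!r} does not resolve"
    bad = [ip for ip in ips if not is_public_address(ip)]
    if bad:
        return f"{host!r} resolves to non-public {bad}"
    return None


def crawl(start: str, fetch: Callable[[str], str], resolver: Resolver = system_resolver,
          max_pages: int = 20) -> Tuple[List[str], Dict[str, str]]:
    """Breadth-first crawl that runs check_target on the start URL and on every link
    found afterwards. Returns (URLs fetched in order, {URL skipped: reason})."""
    queue, seen = [start], set()
    fetched: List[str] = []
    skipped: Dict[str, str] = {}
    while queue and len(fetched) < max_pages:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        reason = check_target(url, resolver)
        if reason is not None:
            skipped[url] = reason
            continue
        fetched.append(url)
        queue.extend(urljoin(url, href) for href in HREF_RE.findall(fetch(url)))
    return fetched, skipped


# Constructed DNS answers and pages so the demo runs offline; none of this is real data.
CONSTRUCTED_DNS = {
    "www.example.org": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "split.example": ["93.184.216.34", "127.0.0.1"],  # one public and one loopback answer
}
CONSTRUCTED_PAGES = {
    "http://www.example.org/": (
        '<a href="/about">about</a>'
        '<a href="http://intranet.example/admin">intranet</a>'
        '<a href="http://169.254.169.254/latest/meta-data/">cloud metadata</a>'
        '<a href="file:///etc/passwd">local file</a>'
        '<a href="http://www.example.org@127.0.0.1:1234/">userinfo trick</a>'
        '<a href="http://split.example/">split DNS answer</a>'
    ),
    "http://www.example.org/about": '<a href="/">home</a>',
}


def table_resolver(host: str) -> List[str]:
    """Offline stand-in for system_resolver: IP literals pass through, names use the table."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return CONSTRUCTED_DNS.get(host, [])


def table_fetch(url: str) -> str:
    return CONSTRUCTED_PAGES[url]


if __name__ == "__main__":
    fetched, skipped = crawl("http://www.example.org/", table_fetch, table_resolver)
    print("fetched:", fetched)
    for url, reason in skipped.items():
        print("skipped:", url, "->", reason)
```

The decision is made on resolved addresses, not on the host string, so shorthand forms (decimal, octal, IPv4-mapped IPv6) are caught by resolution rather than by pattern matching, and a name with one public and one internal answer is refused outright. Two caveats remain for real use: there is a window between this check and the connect, so the HTTP client should be made to connect to the address that was vetted (or re-run the check inside the connection hook) to close the DNS-rebinding race; and HTTP redirects must be re-checked hop by hop exactly as the crawler re-checks links, since a 302 from a public host to 169.254.169.254 is the same external-to-internal jump. The `is_global` classification comes from the Python release's address registry, so pin the interpreter version you validated it on.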
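Added example, not code from Discourse, Jenkins or any other project listed here: confining a URL that an attacker can influence to the configured upstream base before stored credentials are attached. It covers both shapes above: a moderator-controlled path segment appended to a Jira API base (CVE-2023-44384) and a repository URL taken from a webhook payload and then called with the configured Bitbucket credentials (CVE-2023-41937). The base URLs, issue key and candidate URLs are constructed; the request is returned as a dict rather than sent so the check can be exercised offline.

```python
from typing import Optional
from urllib.parse import quote, unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def api_url_for(base: str, *segments: str) -> str:
    """Append caller-supplied path segments to base, each percent-encoded as a single
    segment, so '/', '?', '#' and '..' inside a segment cannot change the route."""
    return base.rstrip("/") + "/" + "/".join(quote(s, safe="") for s in segments)


def is_under_base(url: str, base: str) -> bool:
    """True if url has the same scheme, host and effective port as base, carries no
    userinfo, has no '.' or '..' path segment (raw or percent-encoded), and its path
    starts with base's path as a whole segment (so /api/2/ does not admit /api/20/)."""
    try:
        u, b = urlsplit(url), urlsplit(base)
        u_port = u.port or DEFAULT_PORTS.get(u.scheme)
        b_port = b.port or DEFAULT_PORTS.get(b.scheme)
    except ValueError:
        return False
    if (u.scheme, u.hostname, u_port) != (b.scheme, b.hostname, b_port):
        return False
    if u.username is not None or u.password is not None:
        return False
    if any(unquote(seg) in (".", "..") for seg in u.path.split("/")):
        return False
    base_path = b.path if b.path.endswith("/") else b.path + "/"
    return u.path == b.path or u.path.startswith(base_path)


def outbound_request(url: str, base: str, credentials: str) -> Optional[dict]:
    """The request that would be sent with the stored upstream credentials, or None
    when url is not under the configured base and must not receive them."""
    if not is_under_base(url, base):
        return None
    return {"method": "GET", "url": url, "headers": {"Authorization": credentials}}


# Constructed settings standing in for an admin-configured Jira URL and Bitbucket server.
JIRA_BASE = "https://jira.example/rest/api/2/"
BITBUCKET_BASE = "https://bitbucket.example/"

if __name__ == "__main__":
    # A moderator-supplied issue key with traversal and query characters is encoded,
    # not interpreted, so it stays under the configured API base.
    hostile_key = "../../../admin/users?x=1"
    url = api_url_for(JIRA_BASE, "issue", hostile_key)
    print(url, "under base:", is_under_base(url, JIRA_BASE))
    # Only a webhook-supplied URL under the configured server gets the credentials.
    for candidate in [
        "https://bitbucket.example/rest/api/1.0/projects",
        "https://bitbucket.example@attacker.example/rest/api/1.0/projects",
        "http://attacker.example/collect",
    ]:
        print(candidate, "->", outbound_request(candidate, BITBUCKET_BASE, "Basic c2VjcmV0"))
```

If the upstream is known to decode `%2F` back into a path separator (some servlet and reverse-proxy configurations do), tighten `api_url_for` to refuse segments containing `/` instead of relying on encoding. The host comparison uses `hostname`, which urlsplit lowercases and strips of userinfo, so `jira.example@attacker.example` fails on the host, not only on the userinfo check.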