ReportizFlow
Filtered by vendor
Subscriptions
Total
1339 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34111 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2024-11-21 | 6.5 Medium |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.. | ||||
| CVE-2024-33864 | 2024-11-21 | 5.9 Medium | ||
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | ||||
| CVE-2024-33857 | 2024-11-21 | 9.6 Critical | ||
| An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | ||||
| CVE-2024-33832 | 2024-11-21 | 6.3 Medium | ||
| OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=get_link_info. | ||||
| CVE-2024-33634 | 1 Piotnet | 1 Piotnet Forms | 2024-11-21 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | ||||
| CVE-2024-33629 | 2024-11-21 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. | ||||
| CVE-2024-33627 | 2024-11-21 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. | ||||
| CVE-2024-33592 | 2024-11-21 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | ||||
| CVE-2024-33590 | 2024-11-21 | 5 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. | ||||
| CVE-2024-33250 | 1 Ossrs | 1 Simple Realtime Server | 2024-11-21 | 7.2 High |
| An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request. | ||||
| CVE-2024-32964 | 2024-11-21 | 9 Critical | ||
| Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information. | ||||
| CVE-2024-32955 | 2024-11-21 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. | ||||
| CVE-2024-32819 | 2024-11-21 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | ||||
| CVE-2024-32812 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. | ||||
| CVE-2024-32803 | 2024-11-21 | 6.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3. | ||||
| CVE-2024-32775 | 2024-11-21 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | ||||
| CVE-2024-32718 | 2024-11-21 | 4.9 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | ||||
| CVE-2024-32454 | 2024-11-21 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0. | ||||
| CVE-2024-32430 | 2024-11-21 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.This issue affects ActiveCampaign: from n/a through 8.1.14. | ||||
| CVE-2024-32407 | 1 Inducer | 1 Relate | 2024-11-21 | 8.8 High |
| An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | ||||