ReportizFlow
Filtered by vendor
Subscriptions
Total
1338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29415 | 1 Redhat | 1 Openshift Devspaces | 2024-11-21 | 8.1 High |
| The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. | ||||
| CVE-2024-29319 | 1 Personal-management-system | 1 Personal Management System | 2024-11-21 | 9.8 Critical |
| Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls. | ||||
| CVE-2024-29190 | 2024-11-21 | 7.5 High | ||
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. | ||||
| CVE-2024-29173 | 2024-11-21 | 6.8 Medium | ||
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | ||||
| CVE-2024-29090 | 2024-11-21 | 6.8 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | ||||
| CVE-2024-29035 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 4.1 Medium |
| Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1. | ||||
| CVE-2024-29030 | 2024-11-21 | 5.8 Medium | ||
| memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file. | ||||
| CVE-2024-29028 | 2024-11-21 | 5.8 Medium | ||
| memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1. | ||||
| CVE-2024-29021 | 2024-11-21 | 9.1 Critical | ||
| Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1. | ||||
| CVE-2024-29007 | 1 Apache | 1 Cloudstack | 2024-11-21 | 7.3 High |
| The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. | ||||
| CVE-2024-28752 | 3 Apache, Netapp, Redhat | 8 Cxf, Oncommand Workflow Automation, Apache Camel Spring Boot and 5 more | 2024-11-21 | 9.3 Critical |
| A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | ||||
| CVE-2024-28435 | 2024-11-21 | 5.4 Medium | ||
| The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | ||||
| CVE-2024-27949 | 2024-11-21 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | ||||
| CVE-2024-27927 | 2024-11-21 | 6.5 Medium | ||
| RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request. | ||||
| CVE-2024-27898 | 2024-11-21 | 5.3 Medium | ||
| SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. | ||||
| CVE-2024-27775 | 2024-11-21 | 7.2 High | ||
| SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash | ||||
| CVE-2024-27707 | 2024-11-21 | 4.3 Medium | ||
| Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. | ||||
| CVE-2024-27620 | 1 Everywall | 1 Ladder | 2024-11-21 | 7.5 High |
| An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. | ||||
| CVE-2024-27565 | 2024-11-21 | 9.8 Critical | ||
| A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. | ||||
| CVE-2024-27564 | 2024-11-21 | 6.5 Medium | ||
| A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. | ||||