ReportizFlow
Filtered by vendor
Subscriptions
Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1725 | 1 Infoline-tr | 1 Project Management System | 2024-11-21 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125. | ||||
| CVE-2023-1634 | 1 Otcms | 1 Otcms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016. | ||||
| CVE-2023-1046 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | ||||
| CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2024-11-21 | 6.8 Medium |
| Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | ||||
| CVE-2022-4725 | 1 Amazon | 1 Aws Software Development Kit | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability. | ||||
| CVE-2022-4335 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. | ||||
| CVE-2022-4201 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | ||||
| CVE-2022-4130 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 4.5 Medium |
| A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | ||||
| CVE-2022-4096 | 1 Appsmith | 1 Appsmith | 2024-11-21 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. | ||||
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2024-11-21 | 4.1 Medium |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | ||||
| CVE-2022-48321 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | ||||
| CVE-2022-47872 | 1 Maccms | 1 Maccms | 2024-11-21 | 8.8 High |
| A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. | ||||
| CVE-2022-47635 | 1 Wildix | 1 Wms | 2024-11-21 | 9.8 Critical |
| Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | ||||
| CVE-2022-46998 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.8 Critical |
| An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | ||||
| CVE-2022-46973 | 1 Anji-plus | 1 Aj-report | 2024-11-21 | 9.8 Critical |
| Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2022-46830 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.1 Medium |
| In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | ||||
| CVE-2022-46364 | 2 Apache, Redhat | 10 Cxf, Camel Spring Boot, Jboss Enterprise Application Platform and 7 more | 2024-11-21 | 9.8 Critical |
| A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | ||||
| CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. | ||||
| CVE-2022-45835 | 1 Phonepe | 1 Phonepe | 2024-11-21 | 5.8 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | ||||
| CVE-2022-45429 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2024-11-21 | 7.5 High |
| Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. | ||||