Total
1165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20531 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.5 MEDIUM |
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device. | |||||
CVE-2024-52598 | 2024-11-20 | N/A | 7.5 HIGH | ||
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues. | |||||
CVE-2023-33184 | 1 Nextcloud | 1 Mail | 2024-11-20 | N/A | 5.3 MEDIUM |
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. | |||||
CVE-2024-10524 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. | |||||
CVE-2021-3742 | 1 Chatwoot | 1 Chatwoot | 2024-11-19 | N/A | 8.8 HIGH |
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection. | |||||
CVE-2024-47208 | 2024-11-19 | N/A | 9.8 CRITICAL | ||
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | |||||
CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 7.5 HIGH | 9.9 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
CVE-2022-0939 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 7.5 HIGH | 9.9 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | |||||
CVE-2022-0766 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 7.5 HIGH | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
CVE-2022-0339 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 7.5 HIGH | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | |||||
CVE-2022-0990 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | |||||
CVE-2024-49521 | 1 Adobe | 2 Commerce, Magento | 2024-11-18 | N/A | 7.7 HIGH |
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | |||||
CVE-2024-38472 | 2024-11-18 | N/A | 7.5 HIGH | ||
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. | |||||
CVE-2024-5917 | 2024-11-15 | N/A | N/A | ||
A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | |||||
CVE-2024-11168 | 2024-11-13 | N/A | N/A | ||
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | |||||
CVE-2024-30125 | 2024-11-12 | N/A | 6.2 MEDIUM | ||
HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. | |||||
CVE-2024-47830 | 1 Plane | 1 Plane | 2024-11-12 | N/A | 5.8 MEDIUM |
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. | |||||
CVE-2024-29007 | 2024-11-12 | N/A | 7.3 HIGH | ||
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. | |||||
CVE-2024-10814 | 2024-11-12 | N/A | 6.4 MEDIUM | ||
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
CVE-2024-51785 | 2024-11-12 | N/A | 4.4 MEDIUM | ||
Server-Side Request Forgery (SSRF) vulnerability in I Thirteen Web Solution Responsive Filterable Portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through 1.0.22. |