Total
1165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36427 | 2024-09-27 | N/A | 8.1 HIGH | ||
| The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file. | |||||
| CVE-2024-45843 | 1 Mattermost | 1 Mattermost Server | 2024-09-26 | N/A | 5.4 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba. | |||||
| CVE-2024-40441 | 2024-09-26 | N/A | 6.6 MEDIUM | ||
| An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. | |||||
| CVE-2024-43989 | 2024-09-26 | N/A | 7.5 HIGH | ||
| Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side Request Forgery.This issue affects Justified Image Grid: from n/a through 4.6.1. | |||||
| CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-09-25 | N/A | 8.8 HIGH |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | |||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2024-09-25 | N/A | 9.8 CRITICAL |
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | |||||
| CVE-2024-3149 | 1 Mintplexlabs | 1 Anythingllm | 2024-09-24 | N/A | 8.8 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information. | |||||
| CVE-2024-5186 | 1 Zylon | 1 Privategpt | 2024-09-24 | N/A | 8.6 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data. | |||||
| CVE-2024-6587 | 1 Litellm | 1 Litellm | 2024-09-20 | N/A | 7.5 HIGH |
| A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key. | |||||
| CVE-2022-25777 | 2024-09-20 | N/A | 6.5 MEDIUM | ||
| Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2024-42352 | 1 Nuxt | 1 Nuxt | 2024-09-19 | N/A | 7.5 HIGH |
| Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-38132 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 9.8 CRITICAL |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | |||||
| CVE-2024-37157 | 1 Discourse | 1 Discourse | 2024-09-18 | N/A | 5.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available. | |||||
| CVE-2024-8635 | 1 Gitlab | 1 Gitlab | 2024-09-14 | N/A | 6.5 MEDIUM |
| A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL | |||||
| CVE-2023-45966 | 1 Remark42 | 1 Remark42 | 2024-09-12 | N/A | 7.5 HIGH |
| umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2024-41737 | 1 Sap | 1 Crm Abap Insights Management | 2024-09-12 | N/A | 5.0 MEDIUM |
| SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | |||||
| CVE-2024-22217 | 1 Terminalfour | 1 Terminalfour | 2024-09-11 | N/A | 6.5 MEDIUM |
| A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on. | |||||
| CVE-2023-37230 | 2024-09-10 | N/A | 8.8 HIGH | ||
| Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF. | |||||
| CVE-2023-37229 | 2024-09-10 | N/A | 8.8 HIGH | ||
| Loftware Spectrum before 5.1 allows SSRF. | |||||
| CVE-2023-46502 | 1 Opencrx | 1 Opencrx | 2024-09-09 | N/A | 9.8 CRITICAL |
| An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. | |||||