Export limit exceeded: 21427 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43018 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3094 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2055 | 1 Github | 1 Github | 2025-04-11 | 7.5 High |
| GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. | ||||
| CVE-2010-1637 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Mac Os X, Mac Os X Server, Fedora and 5 more | 2025-04-11 | 6.5 Medium |
| The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | ||||
| CVE-2013-4221 | 2 Redhat, Restlet | 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more | 2025-04-11 | N/A |
| The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | ||||
| CVE-2023-49785 | 1 Nextchat | 1 Nextchat | 2025-04-10 | 9.1 Critical |
| NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources. | ||||
| CVE-2024-1965 | 1 Haivision | 4 Aviwest Manager, Aviwest Streamhub, Maanager and 1 more | 2025-04-10 | 6.5 Medium |
| Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users. | ||||
| CVE-2024-6784 | 1 Abb | 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more | 2025-04-10 | 9.9 Critical |
| Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2025-25785 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | 9.1 Critical |
| JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request. | ||||
| CVE-2024-57767 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | 8.6 High |
| MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | ||||
| CVE-2022-39039 | 1 Aenrich | 1 A\+hrd | 2025-04-10 | 9.8 Critical |
| aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. | ||||
| CVE-2021-29102 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2022-38187 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2022-38203 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | ||||
| CVE-2022-38211 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | ||||
| CVE-2022-38212 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203. | ||||
| CVE-2024-2537 | 1 Logitech | 1 Logi Tune | 2025-04-09 | 4.4 Medium |
| Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. | ||||
| CVE-2022-3841 | 1 Redhat | 2 Acm, Advanced Cluster Management For Kubernetes | 2025-04-09 | 7.8 High |
| RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests. | ||||
| CVE-2025-25760 | 1 Sucms Project | 1 Sucms | 2025-04-09 | 7.5 High |
| A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. | ||||
| CVE-2008-1526 | 1 Zyxel | 38 P-660h-61, P-660h-61 Firmware, P-660h-63 and 35 more | 2025-04-09 | 7.5 High |
| ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords. | ||||
| CVE-2006-7079 | 1 Exv2 | 1 Content Management System | 2025-04-09 | 9.8 Critical |
| Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | ||||
| CVE-2008-5024 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. | ||||