Loftware Spectrum before 5.1 allows SSRF.
Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
Loftware Spectrum through 4.6 has an unprotected JMX Registry.
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
Oxide control plane software before 5 allows SSRF.
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.
Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
Northern.tech Hosted Mender before 2024.07.11 allows SSRF.
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible.
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression.
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.