SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur.
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.
This issue affects Apache IoTDB Workbench: from 0.13.0.
As this project is retired, we do
A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 20
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended t
ntfy before 2.22.0 allows SSRF because of an unanchored regular expression.
There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authe
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies i
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.
Af
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php
A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionali
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Sid
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.
Previously, StreamPipes allowed users to configure custom endpoints from which
Page 1+ Next →