• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-918

CVE-2022-24333

February 23, 2023 by

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

CVE-2022-24129

February 23, 2023 by

The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.

CVE-2022-23668

February 23, 2023 by

A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manage that address this security vulnerability.

CVE-2022-23644

February 23, 2023 by

BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.

CVE-2022-2352

February 23, 2023 by

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.

CVE-2022-23544

February 23, 2023 by

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere’s origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 102
  • Go to page 103
  • Go to page 104
  • Go to page 105
  • Go to page 106
  • Interim pages omitted …
  • Go to page 114
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE