• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-918

CVE-2021-28060

February 23, 2023 by

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.

CVE-2021-27905

February 23, 2023 by

The ReplicationHandler (normally registered at “/replication” under a Solr core) in Apache Solr has a “masterUrl” (also “leaderUrl” alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the “shards” parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

CVE-2021-27670

February 23, 2023 by

Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.

CVE-2021-27693

February 23, 2023 by

Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.

CVE-2021-27738

February 23, 2023 by

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. For endpoints accepting node details in HTTP message body, unauthenticated (but limited) server-side request forgery (SSRF) can be achieved. This issue affects Apache Kylin Apache Kylin 3 versions prior to 3.1.2.

CVE-2021-27561

February 23, 2023 by

Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 69
  • Go to page 70
  • Go to page 71
  • Go to page 72
  • Go to page 73
  • Interim pages omitted …
  • Go to page 114
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE