Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-23718
The package ssrf-agent prior to 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
Ssrf-agent Project Ssrf-agent
383
VMScore
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x prior to 3.0.0.354175, 3.1.x prior to 3.1.0.354180, 4.5.x prior to 4.5.1.354177, 4.6.2.x prior to 4.6.2.354178, and 4.7.x prior to 4.7.0.354178, allows remote malicio...
Hp Xp7 Command View Advanced Edition -
Hp Xp P9000 Command View Advanced Edition -
Adobe Coldfusion
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
668
VMScore
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 up to and including 2.0.8, which allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-do...
Tp-shop Tp-shop
383
VMScore
CVE-2014-7958
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the dbhost parameter.
Ait-pro Bulletproof Security .50.4
Ait-pro Bulletproof Security .50.3
Ait-pro Bulletproof Security .44.1
Ait-pro Bulletproof Security .44
Ait-pro Bulletproof Security .49.3
Ait-pro Bulletproof Security .49.2
Ait-pro Bulletproof Security .48.5
Ait-pro Bulletproof Security .48.4
Ait-pro Bulletproof Security .47.7
Ait-pro Bulletproof Security .47.6
Ait-pro Bulletproof Security .47.5
Ait-pro Bulletproof Security .46.8
Ait-pro Bulletproof Security .46.7
Ait-pro Bulletproof Security .46
Ait-pro Bulletproof Security .45.9
Ait-pro Bulletproof Security .50.6
Ait-pro Bulletproof Security .50.5
Ait-pro Bulletproof Security .45.1
Ait-pro Bulletproof Security .45
Ait-pro Bulletproof Security .49.5
Ait-pro Bulletproof Security .49.4
Ait-pro Bulletproof Security .48.7
578
VMScore
CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Ait-pro Bulletproof Security .45.4
Ait-pro Bulletproof Security .45.5
Ait-pro Bulletproof Security .45.6
Ait-pro Bulletproof Security .46.3
Ait-pro Bulletproof Security .46.4
Ait-pro Bulletproof Security .47.1
Ait-pro Bulletproof Security .47.2
Ait-pro Bulletproof Security .48
Ait-pro Bulletproof Security .48.1
Ait-pro Bulletproof Security .48.8
Ait-pro Bulletproof Security .48.9
Ait-pro Bulletproof Security .49.6
Ait-pro Bulletproof Security .49.7
Ait-pro Bulletproof Security .45.2
Ait-pro Bulletproof Security .45.3
Ait-pro Bulletproof Security .50.7
Ait-pro Bulletproof Security .50.8
Ait-pro Bulletproof Security .45.9
Ait-pro Bulletproof Security .46
Ait-pro Bulletproof Security .46.7
Ait-pro Bulletproof Security .46.8
Ait-pro Bulletproof Security .47.5
NA
CVE-2023-1910
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers wit...
Motopress Getwid - Gutenberg Blocks
445
VMScore
CVE-2014-8749
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Ait-pro Bulletproof Security
NA
CVE-2023-1895
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make we...
Motopress Getwid - Gutenberg Blocks
312
VMScore
CVE-2018-13104
OX App Suite 7.8.4 and previous versions allows XSS. Internal reference: 58742 (Bug ID)
Open-xchange Open-xchange Appsuite
757
VMScore
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »