The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files.
A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.
Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103.
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10710.
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.
`nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs.
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with a arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available.