Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

CVE-2021-34627: Vulnerability Advisories - Wordfence

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#windows#google#amazon#apache#js#git#java#wordpress#php#rce#perl#ssrf#auth#sap
CVE-2021-34626: Vulnerability Advisories - Wordfence

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

CVE-2021-21672: Jenkins Security Advisory 2021-06-30

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2021-32823: GitLab Security Release: 13.12.2, 13.11.5, and 13.10.5

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

CVE-2021-32682: Merge pull request from GHSA-wph3-44rj-92pr · Studio-42/elFinder@a106c35

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

CVE-2021-25640

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.

CVE-2021-21652: Jenkins Security Advisory 2021-05-11

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2021-30005: JetBrains Security Bulletin Q1 2021 | JetBrains News

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.

CVE-2021-21644: Jenkins Security Advisory 2021-04-21

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

CVE-2021-26072: [CONFSERVER-61399] Blind SSRF in widgetConnector - CVE-2021-26072

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.