Total
1521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32812 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 5.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. | |||||
| CVE-2021-33926 | 1 Plone | 1 Plone | 2025-03-19 | N/A | 8.8 HIGH |
| An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet. | |||||
| CVE-2024-23788 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-19 | N/A | 8.1 HIGH |
| Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | |||||
| CVE-2024-47222 | 1 Myoffice | 1 My Office Sdk | 2025-03-18 | N/A | 9.8 CRITICAL |
| New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | |||||
| CVE-2024-47049 | 1 Czim | 1 File-handling | 2025-03-18 | N/A | 8.2 HIGH |
| The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files. | |||||
| CVE-2022-35583 | 1 Wkhtmltopdf | 1 Wkhtmltopdf | 2025-03-18 | N/A | 9.8 CRITICAL |
| wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets. | |||||
| CVE-2024-49822 | 2025-03-18 | N/A | 4.1 MEDIUM | ||
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2022-37938 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | N/A | 9.8 CRITICAL |
| Unauthenticated server side request forgery in HPE Serviceguard Manager | |||||
| CVE-2025-22474 | 2025-03-17 | N/A | 6.8 MEDIUM | ||
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | |||||
| CVE-2025-1211 | 2025-03-16 | N/A | 6.5 MEDIUM | ||
| Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking. | |||||
| CVE-2025-25065 | 2025-03-13 | N/A | 5.3 MEDIUM | ||
| SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. | |||||
| CVE-2024-45206 | 2025-03-13 | N/A | 6.5 MEDIUM | ||
| A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | |||||
| CVE-2024-13904 | 1 Platformly | 1 Platform.ly For Woocommerce | 2025-03-13 | N/A | 5.3 MEDIUM |
| The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-25864 | 2025-03-13 | N/A | 9.1 CRITICAL | ||
| Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | |||||
| CVE-2024-36448 | 1 Apache | 1 Iotdb Workbench | 2025-03-13 | N/A | 7.3 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-21975 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2025-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | |||||
| CVE-2024-13905 | 1 Sainwp | 1 Onestore Sites | 2025-03-12 | N/A | 5.3 MEDIUM |
| The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-13924 | 1 Fancywp | 1 Starter Templates | 2025-03-12 | N/A | 5.3 MEDIUM |
| The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2022-4492 | 1 Redhat | 10 Build Of Quarkus, Integration Camel For Spring Boot, Integration Camel K and 7 more | 2025-03-12 | N/A | 7.5 HIGH |
| The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | |||||
| CVE-2024-13907 | 1 Boldgrid | 1 Total Upkeep | 2025-03-11 | N/A | 4.9 MEDIUM |
| The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||