Total
1819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50234 | 1 Chshcms | 1 Mccms | 2025-08-18 | N/A | 6.5 MEDIUM |
| MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability. | |||||
| CVE-2025-55150 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-55151 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-55161 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-08-15 | N/A | 8.6 HIGH |
| Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | |||||
| CVE-2025-53760 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 7.1 HIGH |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53241 | 2025-08-15 | N/A | 5.5 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9. | |||||
| CVE-2025-8680 | 2025-08-15 | N/A | 4.3 MEDIUM | ||
| The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | |||||
| CVE-2025-8013 | 2025-08-15 | N/A | 3.8 LOW | ||
| The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2025-45872 | 1 Zrlog | 1 Zrlog | 2025-08-14 | N/A | 9.8 CRITICAL |
| zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. | |||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2025-08-14 | N/A | 4.1 MEDIUM |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-53767 | 1 Microsoft | 1 Azure Openai | 2025-08-14 | N/A | 10.0 CRITICAL |
| Azure OpenAI Elevation of Privilege Vulnerability | |||||
| CVE-2025-28987 | 2025-08-14 | N/A | 6.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1. | |||||
| CVE-2025-50251 | 2025-08-13 | N/A | 9.1 CRITICAL | ||
| Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. | |||||
| CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-08-13 | N/A | 3.8 LOW |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-46341 | 1 Freshrss | 1 Freshrss | 2025-08-12 | N/A | 7.1 HIGH |
| FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue. | |||||
| CVE-2025-7622 | 2025-08-12 | N/A | N/A | ||
| During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. | |||||
| CVE-2025-25229 | 2025-08-12 | N/A | 5.4 MEDIUM | ||
| Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources. | |||||
| CVE-2025-25235 | 2025-08-12 | N/A | 8.6 HIGH | ||
| Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. | |||||
| CVE-2025-4655 | 2025-08-11 | N/A | N/A | ||
| SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs. | |||||
| CVE-2025-4581 | 2025-08-11 | N/A | N/A | ||
| Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation. | |||||