Total
1646 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29309 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2022-46364 | 1 Apache | 1 Cxf | 2025-04-22 | N/A | 9.8 CRITICAL |
| A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | |||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
| CVE-2016-9417 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-5643 | 1 Apache | 1 Camel | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | |||||
| CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | |||||
| CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-8794 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | |||||
| CVE-2017-7200 | 1 Openstack | 1 Glance | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2016-6621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2015-7570 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 6.4 MEDIUM | 7.2 HIGH |
| Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | |||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
| CVE-2017-15644 | 1 Webmin | 1 Webmin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||||
| CVE-2015-8813 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
| The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | |||||
| CVE-2016-7999 | 1 Spip | 1 Spip | 2025-04-20 | 4.3 MEDIUM | 7.4 HIGH |
| ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | |||||
| CVE-2017-15886 | 1 Synology | 1 Chat | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |||||
| CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | |||||