Total
1646 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0906 | 1 Recurly | 1 Recurly Client Python | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. | |||||
| CVE-2016-6001 | 1 Ibm | 1 Forms Experience Builder | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | |||||
| CVE-2017-6036 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination. | |||||
| CVE-2016-7051 | 1 Fasterxml | 1 Jackson-dataformat-xml | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | |||||
| CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | |||||
| CVE-2017-7566 | 1 Mybb | 1 Mybb | 2025-04-20 | 4.0 MEDIUM | 7.7 HIGH |
| MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | |||||
| CVE-2017-16678 | 1 Sap | 4 Epbc, Epbc2, Kmc-bc and 1 more | 2025-04-20 | 6.5 MEDIUM | 4.7 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | |||||
| CVE-2017-12071 | 1 Synology | 1 Photo Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | |||||
| CVE-2017-7553 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. | |||||
| CVE-2017-16870 | 1 Updraftplus | 1 Updraftplus | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary | |||||
| CVE-2017-0889 | 1 Thoughtbot | 1 Paperclip | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2017-0905 | 1 Recurly | 1 Recurly Client Ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-9506 | 1 Atlassian | 1 Oauth | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | |||||
| CVE-2017-9307 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||||
| CVE-2017-10973 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. | |||||
| CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||||
| CVE-2017-6130 | 1 F5 | 2 Ssl Intercept Iapp, Ssl Orchestrator | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | |||||
| CVE-2017-1000017 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | |||||