Total
1520 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2987 | 2025-04-23 | N/A | 3.8 LOW | ||
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-29460 | 2025-04-23 | N/A | 7.6 HIGH | ||
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2025-29459 | 2025-04-23 | N/A | 7.6 HIGH | ||
| An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation. | |||||
| CVE-2024-57252 | 1 Otcms | 1 Otcms | 2025-04-22 | N/A | 4.3 MEDIUM |
| OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. | |||||
| CVE-2025-29453 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||||
| CVE-2025-29454 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||||
| CVE-2025-29455 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | |||||
| CVE-2025-29456 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | |||||
| CVE-2022-29309 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2025-28197 | 2025-04-22 | N/A | 9.1 CRITICAL | ||
| Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. | |||||
| CVE-2022-46364 | 1 Apache | 1 Cxf | 2025-04-22 | N/A | 9.8 CRITICAL |
| A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | |||||
| CVE-2025-29449 | 2025-04-21 | N/A | 6.5 MEDIUM | ||
| An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. | |||||
| CVE-2025-32102 | 2025-04-21 | N/A | 5.0 MEDIUM | ||
| CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI. | |||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
| CVE-2016-9417 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-5643 | 1 Apache | 1 Camel | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | |||||
| CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | |||||
| CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-8794 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | |||||