Total
1819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29454 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||||
| CVE-2025-29455 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | |||||
| CVE-2025-29456 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | |||||
| CVE-2022-29309 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | |||||
| CVE-2022-46364 | 1 Apache | 1 Cxf | 2025-04-22 | N/A | 9.8 CRITICAL |
| A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | |||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
| CVE-2016-9417 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2017-5643 | 1 Apache | 1 Camel | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | |||||
| CVE-2017-1000237 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | |||||
| CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | |||||
| CVE-2017-8794 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | |||||
| CVE-2017-7200 | 1 Openstack | 1 Glance | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |||||
| CVE-2016-6621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2015-7570 | 1 Yeager | 1 Yeager Cms | 2025-04-20 | 6.4 MEDIUM | 7.2 HIGH |
| Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | |||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
| CVE-2017-15644 | 1 Webmin | 1 Webmin | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||||
| CVE-2015-8813 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
| The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | |||||