Total: 1522 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1046 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | |||||
CVE-2023-0574 | 1 Yugabyte | 1 Yugabytedb Managed | 2024-11-21 | N/A | 6.8 MEDIUM |
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 | |||||
CVE-2022-4725 | 1 Amazon | 1 Aws Software Development Kit | 2024-11-21 | N/A | 5.5 MEDIUM |
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability. | |||||
CVE-2022-4096 | 1 Appsmith | 1 Appsmith | 2024-11-21 | N/A | 6.5 MEDIUM |
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. | |||||
CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2024-11-21 | N/A | 4.1 MEDIUM |
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | |||||
CVE-2022-48321 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 6.8 MEDIUM |
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API. | |||||
CVE-2022-47872 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A | 8.8 HIGH |
A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module. | |||||
CVE-2022-46830 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.1 MEDIUM |
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | |||||
CVE-2022-45835 | 1 Phonepe | 1 Phonepe | 2024-11-21 | N/A | 5.8 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | |||||
CVE-2022-45362 | 1 Paytm | 1 Payment Gateway | 2024-11-21 | N/A | 7.2 HIGH |
Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |||||
CVE-2022-45152 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 9.1 CRITICAL |
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | |||||
CVE-2022-45085 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 6.5 MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. | |||||
CVE-2022-43776 | 1 Metabase | 1 Metabase | 2024-11-21 | N/A | 6.5 MEDIUM |
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. | |||||
CVE-2022-43183 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | N/A | 8.8 HIGH |
XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | |||||
CVE-2022-43140 | 1 Keking | 1 Kkfileview | 2024-11-21 | N/A | 7.5 HIGH |
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | |||||
CVE-2022-42894 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration. | |||||
CVE-2022-42890 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | |||||
CVE-2022-42494 | 1 Aioseo | 1 All In One Seo | 2024-11-21 | N/A | 3.0 LOW |
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | |||||
CVE-2022-42343 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-42183 | 1 Precisely | 1 Spectrum Spatial Analyst | 2024-11-21 | N/A | 9.1 CRITICAL |
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). |