Total
1522 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1386 | 2 Fusion Builder Project, Theme-fusion | 2 Fusion Builder, Avada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures. | |||||
| CVE-2022-1379 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. | |||||
| CVE-2022-1285 | 1 Gogs | 1 Gogs | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | |||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | |||||
| CVE-2022-1213 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | |||||
| CVE-2022-1191 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | |||||
| CVE-2022-1188 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | |||||
| CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | |||||
| CVE-2022-0990 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | |||||
| CVE-2022-0939 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. | |||||
| CVE-2022-0870 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. | |||||
| CVE-2022-0768 | 1 Alltubedownload | 1 Alltube | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | |||||
| CVE-2022-0767 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
| CVE-2022-0766 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | |||||
| CVE-2022-0591 | 1 Subtlewebinc | 1 Formcraft3 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users | |||||
| CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. | |||||
| CVE-2022-0508 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | |||||
| CVE-2022-0425 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
| A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. | |||||
| CVE-2022-0339 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | |||||