Total
1684 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55086 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-18 | 7.2 High |
| In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | ||||
| CVE-2024-33857 | 1 Logpoint | 1 Siem | 2025-04-18 | 9.6 Critical |
| An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | ||||
| CVE-2024-48107 | 1 Sparkshop | 1 Sparkshop | 2025-04-18 | 6.5 Medium |
| SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server. | ||||
| CVE-2022-38708 | 1 Ibm | 1 Cognos Analytics | 2025-04-17 | 6.5 Medium |
| IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180. | ||||
| CVE-2022-34269 | 1 Rws | 1 Worldserver | 2025-04-16 | 8.8 High |
| An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution. | ||||
| CVE-2022-47635 | 1 Wildix | 1 Wms | 2025-04-16 | 9.8 Critical |
| Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | ||||
| CVE-2022-21215 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 10 Critical |
| This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1. | ||||
| CVE-2025-27655 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. | ||||
| CVE-2021-27312 | 1 Gleezcms | 1 Gleez Cms | 2025-04-16 | 9.4 Critical |
| Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. | ||||
| CVE-2025-27652 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. | ||||
| CVE-2025-27651 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. | ||||
| CVE-2025-30964 | 2025-04-15 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2. | ||||
| CVE-2022-3189 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2025-04-15 | 5.3 Medium |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter. | ||||
| CVE-2025-32358 | 1 Zammad | 1 Zammad | 2025-04-15 | 4 Medium |
| In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This could be abused by an attacker to cause GET requests for example in the local network. | ||||
| CVE-2025-31824 | 2025-04-15 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery. This issue affects WP Optin Wheel: from n/a through 1.4.7. | ||||
| CVE-2017-20106 | 1 Khoros | 1 Lithium Forum | 2025-04-15 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-4130 | 1 Redhat | 3 Satellite, Satellite Capsule, Satellite Utils | 2025-04-14 | 4.5 Medium |
| A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | ||||
| CVE-2022-4096 | 1 Appsmith | 1 Appsmith | 2025-04-14 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2. | ||||
| CVE-2022-37313 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-14 | 5.3 Medium |
| OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. | ||||
| CVE-2016-9752 | 1 S9y | 1 Serendipity | 2025-04-12 | N/A |
| In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | ||||