Total
1685 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11913 | 1 Buddydev | 1 Activity Plus Reloaded For Buddypress | 2025-02-04 | 5.4 Medium |
| The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2025-02-04 | 4.1 Medium |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | ||||
| CVE-2023-26735 | 1 Prometheus | 1 Blackbox Exporter | 2025-02-04 | 7.5 High |
| blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | ||||
| CVE-2025-22701 | 2025-02-03 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. | ||||
| CVE-2024-29173 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2025-02-03 | 6.8 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | ||||
| CVE-2024-44055 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a. | ||||
| CVE-2024-5031 | 1 Caseproof | 1 Memberpress | 2025-01-31 | 8.5 High |
| The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-2343 | 1 Theme-fusion | 1 Avada | 2025-01-31 | 6.4 Medium |
| The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2023-30444 | 1 Ibm | 1 Watson Machine Learning On Cloud Pak For Data | 2025-01-30 | 7.1 High |
| IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | ||||
| CVE-2024-35633 | 1 Creativethemes | 1 Blocksy Companion | 2025-01-30 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42. | ||||
| CVE-2022-27234 | 1 Intel | 1 Computer Vision Annotation Tool | 2025-01-27 | 4.3 Medium |
| Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | 6.5 Medium |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | ||||
| CVE-2022-29840 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-24 | 5.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202. | ||||
| CVE-2024-13360 | 1 Aipower | 1 Aipower | 2025-01-24 | 5.4 Medium |
| The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-24703 | 2025-01-24 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33. | ||||
| CVE-2024-5917 | 1 Paloaltonetworks | 2 Cloud Ngfw, Pan-os | 2025-01-24 | 4.9 Medium |
| A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | ||||
| CVE-2024-1884 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | 6.5 Medium |
| This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | ||||
| CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2025-01-23 | 8.8 High |
| davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | ||||
| CVE-2024-42182 | 2025-01-23 | 2.5 Low | ||
| BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. | ||||
| CVE-2024-43710 | 2025-01-23 | 4.3 Medium | ||
| A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Due to the nature of the underlying request, only endpoints available over https that return JSON could be accessed. This can be carried out by users with read access to Fleet. | ||||