Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48477 | 1 Jetbrains | 1 Hub | 2025-02-04 | 4.1 Medium |
| In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | ||||
| CVE-2023-26735 | 1 Prometheus | 1 Blackbox Exporter | 2025-02-04 | 7.5 High |
| blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | ||||
| CVE-2025-22701 | 2025-02-03 | 5.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8. | ||||
| CVE-2024-29173 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2025-02-03 | 6.8 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | ||||
| CVE-2024-5031 | 1 Caseproof | 1 Memberpress | 2025-01-31 | 8.5 High |
| The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-2343 | 1 Theme-fusion | 1 Avada | 2025-01-31 | 6.4 Medium |
| The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2023-30444 | 1 Ibm | 1 Watson Machine Learning On Cloud Pak For Data | 2025-01-30 | 7.1 High |
| IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | ||||
| CVE-2024-35633 | 1 Creativethemes | 1 Blocksy Companion | 2025-01-30 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.42. | ||||
| CVE-2022-27234 | 1 Intel | 1 Computer Vision Annotation Tool | 2025-01-27 | 4.3 Medium |
| Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | 6.5 Medium |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | ||||
| CVE-2022-29840 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-24 | 5.1 Medium |
| Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202. | ||||
| CVE-2024-13360 | 1 Aipower | 1 Aipower | 2025-01-24 | 5.4 Medium |
| The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-24703 | 2025-01-24 | 4.4 Medium | ||
| Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33. | ||||
| CVE-2024-5917 | 1 Paloaltonetworks | 2 Cloud Ngfw, Pan-os | 2025-01-24 | 4.9 Medium |
| A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | ||||
| CVE-2024-1884 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | 6.5 Medium |
| This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | ||||
| CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2025-01-23 | 8.8 High |
| davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | ||||
| CVE-2024-42182 | 2025-01-23 | 2.5 Low | ||
| BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. | ||||
| CVE-2023-50733 | 2025-01-22 | 8.6 High | ||
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. | ||||
| CVE-2024-32718 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-21 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | ||||
| CVE-2024-3485 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.3 Medium |
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. | ||||