Total: 1687 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-38298 | 1 Appsmith | 1 Appsmith | 2024-11-21 | 8.8 High | Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.
CVE-2022-38292 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 9.8 Critical | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
CVE-2022-37041 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 7.5 High | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of the X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting).
CVE-2022-36997 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2024-11-21 | 7.1 High | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
CVE-2022-36802 | 1 Atlassian | 1 Jira Align | 2024-11-21 | 4.9 Medium | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
CVE-2022-36663 | 1 Gluu | 1 Oxauth | 2024-11-21 | 9.8 Critical | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
CVE-2022-36551 | 1 Heartex | 1 Label Studio | 2024-11-21 | 6.5 Medium | A Server-Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio, enabling a remote attacker to create a new account and then exploit the SSRF.
CVE-2022-34013 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.3 Medium | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
CVE-2022-34011 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.3 Medium | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
CVE-2022-32995 | 1 Halo | 1 Halo | 2024-11-21 | 9.8 Critical | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-32457 | 1 Digiwin | 1 Business Process Management | 2024-11-21 | 5.3 Medium | Digiwin BPM has inadequate filtering of a URL parameter. An unauthenticated remote attacker can perform a blind SSRF attack to discover internal network topology based on the URL error response.
CVE-2022-31830 | 1 Baidu | 1 Kity Minder | 2024-11-21 | 9.1 Critical | Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
CVE-2022-31827 | 1 Monstaftp | 1 Monstaftp | 2024-11-21 | 9.1 Critical | MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.
CVE-2022-31776 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 8.8 High | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.
CVE-2022-31393 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.1 Critical | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 9.1 Critical | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-31386 | 1 Nbnbk Project | 1 Nbnbk | 2024-11-21 | 9.1 Critical | A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.
CVE-2022-30049 | 1 Ruifang-tech | 1 Rebuild | 2024-11-21 | 7.5 High | A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan intranet information via the fileurl parameter.
CVE-2022-2900 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | 9.1 Critical | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
CVE-2022-2756 | 1 Kavitareader | 1 Kavita | 2024-11-21 | 6.5 Medium | Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.