Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2025-14008 LOW POC Monitor

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14004 LOW POC Monitor

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-20388 LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.

SSRF Splunk
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-13872 CRITICAL Act Now

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.

SSRF Opinio
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-66405 npm CRITICAL PATCH Act Now

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

SSRF Gateway
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-65836 CRITICAL POC Act Now

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

SSRF Publiccms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-27232 MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian Frontend Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13814 MEDIUM POC This Month

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13809 LOW POC Monitor

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Java SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13796 LOW Monitor

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.120.2 addresses this issue. It is suggested to upgrade the affected component.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13789 LOW POC Monitor

A vulnerability was found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-66201 HIGH POC This Week

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Librechat
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-13378 MEDIUM This Month

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-33203 HIGH This Week

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure SSRF Nvidia
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-62155 Go HIGH PATCH This Week

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-13588 LOW Monitor

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-12800 MEDIUM This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-62207 HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-13147 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.1.8, from 2025.0.0 before 2025.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moveit Transfer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12359 MEDIUM This Month

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63408 HIGH POC This Month

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Agent Dvr
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-8084 MEDIUM This Month

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-12376 MEDIUM This Month

The Icon List Block - Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11427 MEDIUM This Month

The WP Migrate Lite - WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdb_flush AJAX. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-12962 MEDIUM This Month

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-63917 HIGH POC This Month

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service Information Disclosure SSRF Pdfpatcher
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-13174 LOW Monitor

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-54560 LOW Monitor

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Pingalert Application Server
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-64752 MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Grist Core
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-64709 CRITICAL POC Act Now

Typebot is an open-source chatbot builder. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kubernetes Typebot
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-64525 npm MEDIUM POC PATCH MAL This Month

Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Astro
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-64511 HIGH This Month

MaxKB is an open-source AI assistant for enterprise. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Python Maxkb
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-52186 MEDIUM POC This Week

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lila
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-59089 MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service SSRF
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-59088 HIGH PATCH This Week

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-37734 MEDIUM Monitor

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11696 HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft Windows
NVD
CVSS 4.0
8.9
EPSS
0.0%
CVE-2025-64522 Go CRITICAL POC PATCH Act Now

Soft Serve is a self-hostable Git server for the command line. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Soft Serve
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-64430 npm HIGH PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js SSRF File Upload
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-64178 Go HIGH PATCH This Month

Jellysweep is a cleanup tool for the Jellyfin media server. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-64327 MEDIUM POC PATCH This Month

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Thinkdashboard
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-63551 HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Metinfo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-60541 HIGH POC This Month

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Prompt Optimizer
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-12560 MEDIUM This Month

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-64163 HIGH POC PATCH This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dataease
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2025-12388 MEDIUM This Month

The B Carousel Block - Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-11917 MEDIUM This Month

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-62719 LOW POC PATCH Monitor

LinkAce is a self-hosted archive to collect website links. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Linkace
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-60898 MEDIUM This Month

Unauthenticated SSRF in Halo CMS 2.21 exposes internal network infrastructure to remote attackers via the Thumbnail via-uri endpoint, which performs server-side HTTP GET requests to attacker-supplied URLs without allowlist or blocklist enforcement. Beyond initiating outbound connections to attacker-controlled hosts, the endpoint issues a 307 redirect that leaks internal URLs in the Location header, enabling internal network reconnaissance. EPSS is low (0.27%, 19th percentile) with no CISA KEV listing, but a public researcher disclosure document exists, lowering the barrier to exploitation.

SSRF
NVD GitHub
CVSS 3.1
5.8
EPSS
0.3%
CVE-2025-62988 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-49374 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through <= 1.0.61.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-11361 MEDIUM This Month

Server-Side Request Forgery in Gutenberg Essential Blocks plugin for WordPress allows authenticated attackers with Author-level or higher privileges to make arbitrary web requests originating from the vulnerable server via the eb_save_ai_generated_image function, enabling reconnaissance and manipulation of internal services. Affects all versions up to 5.7.1 with CVSS 6.4 severity; no active KEV status or public exploit code confirmed at time of analysis.

WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-34282 MEDIUM POC This Month

SVG-based server-side request forgery in ThingsBoard versions prior to 4.2.1 allows upload of crafted SVG files containing external URL references to the dashboard Image Upload Gallery, causing the platform to initiate unintended outbound HTTP requests toward internal network resources. All ThingsBoard deployments (community, professional edition) running versions before 4.2.1 are affected via this gallery feature. No public exploit code or CISA KEV listing exists at time of analysis; however, the upstream fix in PR #13927 - which adds a Content-Security-Policy response header rather than sanitizing SVG content at upload - indicates the primary exploitation path may be browser-mediated rather than purely server-side, warranting scrutiny of the PR:N (no privileges required) CVSS assignment.

SSRF Thingsboard
NVD GitHub Exploit-DB
CVSS 4.0
6.9
EPSS
1.7%
CVE-2025-11648 LOW POC Monitor

Server-side request forgery in Tomofun Furbo 360 and Furbo Mini dog cameras allows remote attackers to manipulate the TF_FQDN.json configuration file via the GATT Interface URL Handler, enabling arbitrary internal network requests with low confidentiality and integrity impact. Affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Publicly available exploit code exists, though the attack requires high complexity and is not actively exploited at scale per EPSS data (0.06%, percentile 18%).

SSRF Furbo Mini Firmware Furbo 360 Dog Camera Firmware
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-9975 MEDIUM This Month

Server-Side Request Forgery (SSRF) in WP Scraper WordPress plugin versions up to 5.8.1 allows authenticated administrators to make arbitrary web requests from the affected server, enabling reconnaissance of internal services, metadata theft on cloud instances, and potential information disclosure. The vulnerability exists in the wp_scraper_extract_content function and requires high-level administrative privileges to exploit, making it a post-authentication lateral movement and reconnaissance vector for compromised administrator accounts.

WordPress SSRF
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-11286 LOW POC Monitor

Server-side request forgery (SSRF) in MCPHub up to version 0.9.10 allows authenticated high-privilege users to manipulate the baseUrl argument in the MCPRouter Service, enabling arbitrary HTTP requests from the server. The vulnerability requires high privilege level and has publicly available proof-of-concept code, though EPSS analysis suggests limited real-world exploitation probability despite active public disclosure.

SSRF Mcphub
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10695 MEDIUM POC This Month

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.

SSRF Opensupports
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55971 MEDIUM POC This Month

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

SSRF 65c655 Firmware Android
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-54087 LOW PATCH Monitor

Server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

SSRF
NVD
CVSS 3.1
2.6
EPSS
0.0%
CVE-2025-57305 MEDIUM POC This Month

VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.

SSRF Vitaracharts
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-61735 Maven HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

SSRF Apache Kylin
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-20371 HIGH PATCH This Week

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

SSRF Splunk Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10735 MEDIUM This Month

The Block For Mailchimp - Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

SSRF WordPress PHP
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-56520 MEDIUM POC This Month

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-34233 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-34232 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34231 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-34230 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34229 MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP SSRF Virtual Appliance Application +1
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-34228 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-34225 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-11046 MEDIUM POC This Month

A security flaw has been discovered in Tencent WeKnora 0.1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-60181 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-60161 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in BdThemes ZoloBlocks zoloblocks allows Server Side Request Forgery.3.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-10137 MEDIUM This Month

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress SSRF PHP
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2020-36851 npm CRITICAL Act Now

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation SSRF
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.8%
CVE-2025-42907 MEDIUM Monitor

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59527 npm HIGH POC PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Flowise
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9960 MEDIUM POC This Month

A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF).0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-58962 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-58011 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery.8.5.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-58005 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-57984 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) allows Server Side Request Forgery.0.4. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-57943 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Server Side Request Forgery.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-53461 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery.6.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-53457 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor allows Server Side Request Forgery.6.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-36037 MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-10787 LOW Monitor

A vulnerability was found in MuYuCMS up to 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10765 LOW POC Monitor

A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-10764 LOW Monitor

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 2.0
LOW POC Monitor

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.

SSRF Splunk
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an attacker to force the server to perform HTTP GET requests via crafted import requests to an arbitrary destination.

SSRF Opinio
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.

SSRF Gateway
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.

SSRF Publiccms
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.

Java SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter Handler. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.120.2 addresses this issue. It is suggested to upgrade the affected component.

SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in ZenTao up to 21.7.6-8564. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC This Week

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Librechat
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 7.6
HIGH This Week

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure SSRF +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Azure Monitor Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Monitor
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.1.8, from 2025.0.0 before 2025.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Moveit Transfer
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 7.8
HIGH POC This Month

Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Agent Dvr
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the rest_helpers_create_images function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Icon List Block - Add Icon-Based Lists with Custom Styles plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.1 via the fs_api_request. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The WP Migrate Lite - WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdb_flush AJAX. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Local Syndication plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5a via the `url` parameter in the `[syndicate_local]` shortcode. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 7.1
HIGH POC This Month

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 3.8
LOW Monitor

A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Pingalert Application Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

grist-core is a spreadsheet hosting server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Grist Core
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Typebot is an open-source chatbot builder. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kubernetes Typebot
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Astro
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Month

MaxKB is an open-source AI assistant for enterprise. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Python Maxkb
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lila
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service SSRF
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM Monitor

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SSRF Kibana +1
NVD
EPSS 0% CVSS 8.9
HIGH This Month

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. Rated high severity (CVSS 8.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Microsoft +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Soft Serve is a self-hostable Git server for the command line. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Soft Serve
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js SSRF File Upload
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Month

Jellysweep is a cleanup tool for the Jellyfin media server. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Thinkdashboard
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Metinfo
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC This Month

A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Prompt Optimizer
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 8.9
HIGH POC PATCH This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dataease
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

The B Carousel Block - Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD GitHub
EPSS 0% CVSS 2.3
LOW POC PATCH Monitor

LinkAce is a self-hosted archive to collect website links. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Linkace
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Unauthenticated SSRF in Halo CMS 2.21 exposes internal network infrastructure to remote attackers via the Thumbnail via-uri endpoint, which performs server-side HTTP GET requests to attacker-supplied URLs without allowlist or blocklist enforcement. Beyond initiating outbound connections to attacker-controlled hosts, the endpoint issues a 307 redirect that leaks internal URLs in the Location header, enabling internal network reconnaissance. EPSS is low (0.27%, 19th percentile) with no CISA KEV listing, but a public researcher disclosure document exists, lowering the barrier to exploitation.

SSRF
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through <= 1.0.61.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery in Gutenberg Essential Blocks plugin for WordPress allows authenticated attackers with Author-level or higher privileges to make arbitrary web requests originating from the vulnerable server via the eb_save_ai_generated_image function, enabling reconnaissance and manipulation of internal services. Affects all versions up to 5.7.1 with CVSS 6.4 severity; no active KEV status or public exploit code confirmed at time of analysis.

WordPress SSRF
NVD
EPSS 2% CVSS 6.9
MEDIUM POC This Month

SVG-based server-side request forgery in ThingsBoard versions prior to 4.2.1 allows upload of crafted SVG files containing external URL references to the dashboard Image Upload Gallery, causing the platform to initiate unintended outbound HTTP requests toward internal network resources. All ThingsBoard deployments (community, professional edition) running versions before 4.2.1 are affected via this gallery feature. No public exploit code or CISA KEV listing exists at time of analysis; however, the upstream fix in PR #13927 - which adds a Content-Security-Policy response header rather than sanitizing SVG content at upload - indicates the primary exploitation path may be browser-mediated rather than purely server-side, warranting scrutiny of the PR:N (no privileges required) CVSS assignment.

SSRF Thingsboard
NVD GitHub Exploit-DB
EPSS 0% CVSS 2.9
LOW POC Monitor

Server-side request forgery in Tomofun Furbo 360 and Furbo Mini dog cameras allows remote attackers to manipulate the TF_FQDN.json configuration file via the GATT Interface URL Handler, enabling arbitrary internal network requests with low confidentiality and integrity impact. Affected firmware versions are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. Publicly available exploit code exists, though the attack requires high complexity and is not actively exploited at scale per EPSS data (0.06%, percentile 18%).

SSRF Furbo Mini Firmware Furbo 360 Dog Camera Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Server-Side Request Forgery (SSRF) in WP Scraper WordPress plugin versions up to 5.8.1 allows authenticated administrators to make arbitrary web requests from the affected server, enabling reconnaissance of internal services, metadata theft on cloud instances, and potential information disclosure. The vulnerability exists in the wp_scraper_extract_content function and requires high-level administrative privileges to exploit, making it a post-authentication lateral movement and reconnaissance vector for compromised administrator accounts.

WordPress SSRF
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

Server-side request forgery (SSRF) in MCPHub up to version 0.9.10 allows authenticated high-privilege users to manipulate the baseUrl argument in the MCPRouter Service, enabling arbitrary HTTP requests from the server. The vulnerability requires high privilege level and has publicly available proof-of-concept code, though EPSS analysis suggests limited real-world exploitation probability despite active public disclosure.

SSRF Mcphub
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects OpenSupports: 4.11.0.

SSRF Opensupports
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC This Month

TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The device accepts unauthenticated SetAVTransportURI SOAP requests over TCP/16398 and attempts to retrieve externally referenced URIs, including attacker-controlled payloads. The blind SSRF allows for sending requests on behalf of the TV, which can be leveraged to probe for other internal or external services accessible by the device (e.g., 127.0.0.1:16XXX, LAN services, or internet targets), potentially enabling additional exploit chains.

SSRF 65c655 Firmware Android
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.

SSRF Vitaracharts
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

SSRF Apache Kylin
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

SSRF Splunk Splunk Cloud Platform
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Block For Mailchimp - Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmit_Form_Data(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

SSRF WordPress PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Virtual Appliance Application Virtual Appliance Host
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP HP +3
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF +2
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP SSRF +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Tencent WeKnora 0.1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in BdThemes ZoloBlocks zoloblocks allows Server Side Request Forgery.3.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request() function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress SSRF PHP
NVD GitHub
EPSS 1% CVSS 9.5
CRITICAL Act Now

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM Monitor

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Flowise
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF).0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask allows Server Side Request Forgery.8.5.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) allows Server Side Request Forgery.0.4. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Skimlinks Skimlinks Affiliate Marketing Tool allows Server Side Request Forgery.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery.6.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor allows Server Side Request Forgery.6.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Webmethods Integration
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability was found in MuYuCMS up to 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
Prev Page 13 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy