Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2025-47791 MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6584 CRITICAL POC Act Now

The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jetpack Boost
NVD WPScan
CVSS 3.1
9.1
EPSS
0.6%
CVE-2025-40595 HIGH This Month

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-13940 MEDIUM This Month

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-45887 CRITICAL POC Act Now

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Yifang
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-47733 CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2025-29972 CRITICAL This Week

Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Storage Resource Provider
NVD
CVSS 3.1
9.9
EPSS
4.5%
CVE-2025-47664 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery.4.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-47635 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery.33.27. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-47548 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery.4.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-47484 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery.1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-47483 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image allows Server Side Request Forgery.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-47464 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery.3.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-45250 MEDIUM POC This Month

MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mrdoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-55910 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SSRF Concert
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-48907 HIGH POC This Week

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Replyone
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-46568 HIGH POC This Week

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Stirling Pdf
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2024-13845 MEDIUM This Month

The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Gravity Forms Webhooks
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-2170 HIGH This Week

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Sma1000 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-35817 MEDIUM This Month

DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Devexpress
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2025-4012 MEDIUM POC This Month

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Playedu
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2025-3954 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Churchcrm
NVD VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2025-3775 MEDIUM This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Shoplentor PHP
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-46531 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-46511 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery.71. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-46503 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-46443 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-1522 MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1521 MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-27907 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Websphere Application Server
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2025-2987 LOW Monitor

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Maximo Asset Management
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-29446 LOW POC Monitor

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui Ollama AI / ML
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-28197 PyPI CRITICAL Act Now

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crawl4ai
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-3787 MEDIUM POC This Month

A vulnerability was found in PbootCMS 3.2.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Pbootcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2025-29461 HIGH POC This Week

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF A Blogcms
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29460 HIGH This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2025-29459 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29458 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29457 HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29456 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29453 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29455 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29454 MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29452 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29451 HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2025-29450 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29449 MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56736 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Hertzbeat
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3691 MEDIUM POC This Month

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seven Bears Library Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2025-31497 HIGH This Week

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-32948 HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service Peertube
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32102 MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Crushftp
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2025-30964 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in EPC Photography.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-26990 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery.7.1006. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Elementor
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-31490 HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-29720 MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-3572 HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-22374 MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD
CVSS 4.0
6.0
EPSS
0.3%
CVE-2025-0539 MEDIUM This Month

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft SSRF Octopus Server Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-32691 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery.12.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-32675 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery.6.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-32487 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery.5.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-31009 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery.13.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-32372 NuGet MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Microsoft SSRF Dotnetnuke
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-3412 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3411 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32013 PyPI CRITICAL POC PATCH Act Now

LNbits is a Lightning wallet and accounts system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lnbits
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32358 MEDIUM This Month

In Zammad 6.4.x before 6.4.2, SSRF can occur. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Zammad
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2025-3254 MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Admintwo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2245 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone Update Server
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-2243 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 4.0
6.9
EPSS
0.8%
CVE-2025-3192 PHP HIGH This Week

Server-Side Request Forgery in spatie/browsershot enables remote attackers to probe internal network infrastructure and enumerate localhost directories via the setUrl() function. All versions from 0.0.0 onwards are affected, creating broad exposure for PHP applications using this Puppeteer wrapper library. EPSS score of 0.29% (53rd percentile) suggests low automated scanning activity currently, and publicly available exploit code exists demonstrating the vulnerability.

SSRF
NVD GitHub
CVSS 4.0
7.8
EPSS
0.3%
CVE-2025-31824 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery.4.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-31796 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery.0.8.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-21384 HIGH This Week

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Health Bot
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2025-31117 MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Openemr
NVD GitHub
CVSS 4.0
6.9
EPSS
1.0%
CVE-2025-31116 PyPI MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Mobile Security Framework
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2025-2997 MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Youkefu
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-31527 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery.4.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-28096 MEDIUM POC This Month

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Onenav
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-28094 PHP MEDIUM POC This Month

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Shopxo
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28093 PHP MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-28092 PHP MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-28091 CRITICAL POC Act Now

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-28090 CRITICAL POC Act Now

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-28089 CRITICAL POC Act Now

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-1781 HIGH POC This Week

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Css Validator
NVD GitHub
CVSS 4.0
8.4
EPSS
0.2%
CVE-2025-31076 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery.30.03. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-48944 Maven MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Kylin
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22672 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud Server is a self hosted personal cloud system. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Server Nextcloud
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jetpack Boost
NVD WPScan
EPSS 0% CVSS 7.2
HIGH This Month

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Yifang
NVD
EPSS 3% CVSS 9.1
CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
EPSS 4% CVSS 9.9
CRITICAL This Week

Server-side request forgery (ssrf) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Storage Resource Provider
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery.4.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery.33.27. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery.4.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Oliver Campion Display Remote Posts Block allows Server Side Request Forgery.1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image allows Server Side Request Forgery.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery.3.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mrdoc
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SSRF Concert
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Replyone
NVD
EPSS 0% CVSS 7.7
HIGH POC This Week

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Stirling Pdf
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Gravity Forms Webhooks
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Sma1000 Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Devexpress
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Playedu
NVD GitHub VulDB
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Churchcrm
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +20 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Shoplentor +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery.71. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Information Disclosure SSRF Posthog
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Websphere Application Server
NVD
EPSS 0% CVSS 3.8
LOW Monitor

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Maximo Asset Management
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui Ollama +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crawl4ai
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in PbootCMS 3.2.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Pbootcms
NVD GitHub VulDB
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF A Blogcms
NVD
EPSS 1% CVSS 7.6
HIGH This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mybb
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mybb
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Personal Management System
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
EPSS 1% CVSS 7.6
HIGH POC This Week

An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF Twonav
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Hertzbeat
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in mirweiye Seven Bears Library CMS 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seven Bears Library Cms
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption SSRF Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC This Month

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Crushftp
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in EPC Photography.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons allows Server Side Request Forgery.7.1006. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Elementor
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python SSRF Autogpt Platform
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartrobot Red Hat
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx’s CyberAudit-Web, affecting versions prior to 1.1.3. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft SSRF Octopus Server +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery.12.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery.6.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark allows Server Side Request Forgery.5.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery.13.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Microsoft SSRF Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

LNbits is a Lightning wallet and accounts system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lnbits
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

In Zammad 6.4.x before 6.4.2, SSRF can occur. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Zammad
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in xujiangfei admintwo 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Admintwo
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone Update Server
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Server-Side Request Forgery in spatie/browsershot enables remote attackers to probe internal network infrastructure and enumerate localhost directories via the setUrl() function. All versions from 0.0.0 onwards are affected, creating broad exposure for PHP applications using this Puppeteer wrapper library. EPSS score of 0.29% (53rd percentile) suggests low automated scanning activity currently, and publicly available exploit code exists demonstrating the vulnerability.

SSRF
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Wombat Plugins WP Optin Wheel allows Server Side Request Forgery.4.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in TheInnovs Team ElementsCSS Addons for Elementor allows Server Side Request Forgery.0.8.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 8.3
HIGH This Week

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Azure Health Bot
NVD
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Openemr
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Mobile Security Framework
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Youkefu
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Kishan WP Link Preview allows Server Side Request Forgery.4.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Onenav
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Shopxo
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Maccms
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC This Week

There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Css Validator
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WP Compress WP Compress for MainWP allows Server Side Request Forgery.30.03. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Kylin
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
Prev Page 16 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy