Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2025-30914 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery.9.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-2835 MEDIUM POC This Month

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1912 HIGH PATCH This Week

The Product Import Export for WooCommerce - Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Product Import Export For Woocommerce PHP
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-13411 MEDIUM This Month

The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-2109 MEDIUM This Month

The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Wp Compress PHP
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2024-10207 MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-10206 MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-2691 npm HIGH POC PATCH This Week

Authentication bypass in nossrf JavaScript library (versions <1.0.4) enables Server-Side Request Forgery against internal network resources by circumventing the library's SSRF protection mechanism. Attackers can supply hostnames resolving to reserved IP ranges (RFC 1918 private addresses, loopback, link-local) to access internal services despite nossrf being deployed specifically to prevent SSRF attacks. Publicly available exploit code exists (Snyk advisory). EPSS score of 0.14% (34th percentile) indicates limited observed exploitation attempts despite POC availability, likely due to the library's niche usage pattern. No CISA KEV listing indicates targeted rather than widespread exploitation campaigns.

SSRF
NVD
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-1970 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Import Export Wordpress Users PHP
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-13856 MEDIUM This Month

The Your Friendly Drag and Drop Page Builder - Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-48590 CRITICAL Act Now

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Spirateam
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-27888 Maven MEDIUM POC PATCH This Month

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Apache XSS SSRF Druid
NVD
CVSS 4.0
5.8
EPSS
1.0%
CVE-2024-13923 HIGH PATCH This Week

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Order Export Order Import For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-0454 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0188 PyPI MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-0184 MEDIUM POC PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Dify
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-9309 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Llava
NVD
CVSS 3.0
9.3
EPSS
0.1%
CVE-2024-8955 PyPI HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8952 PyPI HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8099 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Authentication Bypass
NVD
CVSS 3.0
8.3
EPSS
0.1%
CVE-2024-7959 PyPI HIGH POC This Week

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui
NVD VulDB
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-6827 PyPI HIGH PATCH This Week

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling XSS SSRF Red Hat +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12882 HIGH POC This Week

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Comfyui
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12779 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Ragflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12775 MEDIUM POC This Month

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12766 HIGH POC This Month

parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12450 CRITICAL POC PATCH Act Now

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF RCE Ragflow Chrome
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-12392 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12376 PyPI HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12068 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Llava
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11822 HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11603 PyPI HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11449 HIGH POC This Week

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Large Language And Vision Assistant
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11031 HIGH POC This Week

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11030 HIGH POC This Week

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10457 MEDIUM This Month

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10252 HIGH POC PATCH This Week

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SSRF Code Injection Python Dify
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-27785 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.3%
CVE-2025-27784 HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-27777 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Applio
NVD GitHub
CVSS 4.0
7.7
EPSS
0.2%
CVE-2025-27776 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27775 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-27774 HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization Applio
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-49822 MEDIUM This Month

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Qradar Advisor
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-22474 MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SSRF Smartfabric Os10
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-13838 MEDIUM PATCH This Month

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Uncanny Automator
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-2192 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. [CVSS 4.3 MEDIUM]

SSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-28607 LOW Monitor

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. [CVSS 2.9 LOW]

Node.js SSRF
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-22603 HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) `Send Web Request`. [CVSS 8.1 HIGH]

SSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-2116 MEDIUM This Month

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-13924 MEDIUM This Month

The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Starter Templates
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-53696 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Qulog Center Qts Quts Hero
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-27152 npm HIGH POC PATCH MAL This Week

axios is a promise based HTTP client for the browser and node.js. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Node.js Axios Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2024-13857 MEDIUM This Month

The WPGet API - Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13904 MEDIUM PATCH This Month

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Platform Ly For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-27600 MEDIUM This Month

FastGPT is a knowledge-based platform built on the LLMs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fastgpt
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27655 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27652 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27651 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-27501 HIGH This Week

OpenZiti is a free and open source project focused on bringing zero trust to any application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Openziti
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-25303 MEDIUM This Month

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google SSRF Chrome
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-25301 PyPI MEDIUM POC PATCH This Month

Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Rembg
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-1849 MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1848 MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1833 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Zz
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1799 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Skycaiji
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13697 MEDIUM This Month

The Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress SSRF Better Messages
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2025-1662 MEDIUM This Month

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-22952 Go CRITICAL POC PATCH THREAT Act Now

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

SSRF Memos Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
35.0%
Threat
4.5
CVE-2025-25760 HIGH This Week

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Sucms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13907 MEDIUM PATCH This Month

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Total Upkeep
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-13905 MEDIUM PATCH This Month

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF PHP Onestore Sites
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-25827 MEDIUM This Month

A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Emlog
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-25785 CRITICAL Act Now

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Jizhicms
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-30150 MEDIUM This Month

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Privilege Escalation Denial Of Service Dryice Mycloud
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13695 MEDIUM This Month

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Enfold
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1043 MEDIUM This Month

The Embed Any Document - Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-37359 HIGH This Week

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-27090 Go MEDIUM POC PATCH This Month

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Sliver Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-1447 MEDIUM This Month

A vulnerability was found in kasuganosoras Pigeon 1.0.177. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13741 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20075 HIGH This Week

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.0
7.2
EPSS
0.2%
CVE-2024-13879 MEDIUM This Month

The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13834 MEDIUM PATCH This Month

The Responsive Plus - Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Responsive Addons
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25297 PyPI HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Label Studio
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-25182 CRITICAL Act Now

Stroom is a data processing, storage and analysis platform. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
9.4
EPSS
0.0%
CVE-2025-26494 HIGH This Month

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.3 through 2023.3.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass Tableau Server
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-22399 HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2024-52606 LOW Monitor

SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

SSRF Solarwinds Platform
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2025-1211 LOW Monitor

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
2.9
EPSS
0.0%
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery.9.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

The Product Import Export for WooCommerce - Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Product Import Export For Woocommerce +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Wp Compress +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Authentication bypass in nossrf JavaScript library (versions <1.0.4) enables Server-Side Request Forgery against internal network resources by circumventing the library's SSRF protection mechanism. Attackers can supply hostnames resolving to reserved IP ranges (RFC 1918 private addresses, loopback, link-local) to access internal services despite nossrf being deployed specifically to prevent SSRF attacks. Publicly available exploit code exists (Snyk advisory). EPSS score of 0.14% (34th percentile) indicates limited observed exploitation attempts despite POC availability, likely due to the library's niche usage pattern. No CISA KEV listing indicates targeted rather than widespread exploitation campaigns.

SSRF
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Import Export Wordpress Users +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Your Friendly Drag and Drop Page Builder - Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Spirateam
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM POC PATCH This Month

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Apache XSS +2
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Order Export Order Import For Woocommerce
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Chuanhuchatgpt
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Llava
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
EPSS 0% CVSS 8.3
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Authentication Bypass
NVD
EPSS 0% CVSS 7.7
HIGH POC This Week

The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling XSS +3
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Comfyui
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Ragflow
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD
EPSS 0% CVSS 7.5
HIGH POC This Month

parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lollms Web Ui
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF RCE +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Llava
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SSRF Code Injection +2
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Applio
NVD GitHub
EPSS 0% CVSS 7.7
HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Applio
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Applio
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Deserialization +1
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Qradar Advisor
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell SSRF Smartfabric Os10
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Uncanny Automator
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. [CVSS 4.3 MEDIUM]

SSRF
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. [CVSS 2.9 LOW]

Node.js SSRF
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability inside component (or block) `Send Web Request`. [CVSS 8.1 HIGH]

SSRF
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF Starter Templates
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Qulog Center Qts +1
NVD
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

axios is a promise based HTTP client for the browser and node.js. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Node.js Axios +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

The WPGet API - Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Platform Ly For Woocommerce
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

FastGPT is a knowledge-based platform built on the LLMs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Fastgpt
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vasion Print Virtual Appliance
NVD
EPSS 0% CVSS 8.6
HIGH This Week

OpenZiti is a free and open source project focused on bringing zero trust to any application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Openziti
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google SSRF +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Rembg is a tool to remove images background. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Rembg
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Zz
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Skycaiji
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

The Better Messages - Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress SSRF Better Messages
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 35% 4.5 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

SSRF Memos Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Sucms
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Total Upkeep
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF PHP +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Emlog
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Jizhicms
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Enfold
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Embed Any Document - Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc'. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF PHP
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Sliver Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in kasuganosoras Pigeon 1.0.177. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Responsive Plus - Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Responsive Addons
NVD
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Label Studio
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Stroom is a data processing, storage and analysis platform. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Authentication Bypass
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Month

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass.3 through 2023.3.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass Tableau Server
NVD
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
EPSS 0% CVSS 3.5
LOW Monitor

SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

SSRF Solarwinds Platform
NVD
EPSS 0% CVSS 2.9
LOW Monitor

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
Prev Page 17 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy