Skip to main content

SSRF

2868 CVEs technique

Monthly

CVE-2025-25194 Cargo MEDIUM This Month

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-25069 MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis Kvrocks Suse
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-21177 HIGH This Week

Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Dynamics 365 Sales
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2025-23217 PyPI HIGH PATCH This Month

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Suse
NVD GitHub
CVSS 4.0
8.2
EPSS
3.6%
CVE-2024-56471 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-56470 MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25065 MEDIUM This Month

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-22701 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-44055 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-6195 LOW POC Monitor

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
2.6
EPSS
0.1%
CVE-2025-24354 Go MEDIUM POC PATCH This Month

imgproxy is server for resizing, processing, and converting images. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
2.4%
CVE-2024-10705 MEDIUM PATCH This Month

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Multiple Page Generator
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-13450 LOW Monitor

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Contact Form Builder
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2025-24703 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core - Simple Comment Editing allows Server Side Request Forgery.0.33. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-24701 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery.3.2.9. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-24695 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-11913 MEDIUM This Month

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Activity Plus Reloaded For Buddypress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-43710 MEDIUM PATCH Monitor

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Kibana
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-42182 LOW Monitor

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.5). No vendor patch available.

SSRF
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2024-13360 MEDIUM PATCH This Month

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Aipower
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-23195 HIGH This Month

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Ambari
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-45479 Maven CRITICAL PATCH This Week

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Ranger
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-50733 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-23221 npm MEDIUM PATCH This Month

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Denial Of Service
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0584 MEDIUM This Month

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF A Hrd
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-57252 MEDIUM Monitor

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Otcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-52602 Go MEDIUM PATCH This Month

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Matrix Media Repo Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-52594 Go MEDIUM PATCH Monitor

Gomatrixserverlib is a Go library for matrix federation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0480 MEDIUM POC This Month

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Wuzhicms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22346 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.0.2 through n/a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-57767 HIGH POC This Week

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mysiteforme
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-55892 PHP MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect SSRF Typo3
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-0474 HIGH This Week

Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.8.56 through 5.11.23. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-23082 HIGH This Month

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Backup
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2025-21385 HIGH This Week

Microsoft Purview contains a server-side request forgery vulnerability that allows an authorized attacker to access internal network resources and disclose sensitive information. The SSRF enables reading internal service responses, accessing cloud metadata endpoints, and potentially pivoting to internal infrastructure.

Microsoft SSRF Purview
NVD
CVSS 3.1
8.8
EPSS
48.3%
CVE-2024-6155 MEDIUM This Month

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress SSRF XSS Greenshift Animation And Page Builder Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-53705 HIGH This Month

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13195 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Bookstore
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22215 MEDIUM Monitor

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware SSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54819 CRITICAL This Week

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.

SSRF PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
42.5%
CVE-2024-35532 CRITICAL This Week

An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Buffer Overflow Denial Of Service Information Disclosure SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-56279 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.9.14. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-56275 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.0.14. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2024-13139 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12237 MEDIUM Monitor

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56324 LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Information Disclosure Path Traversal Gocd
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2024-56800 HIGH This Week

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-10044 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
CVSS 3.0
9.3
EPSS
0.5%
CVE-2024-13032 MEDIUM POC This Month

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-13029 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-50714 HIGH This Week

A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-12989 MEDIUM This Month

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-10903 MEDIUM POC This Month

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Broken Link Checker
NVD WPScan
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-51463 MEDIUM POC This Month

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2024-12867 HIGH This Week

Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-49336 MEDIUM This Month

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Security Guardium
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-12801 Maven LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Java
NVD
CVSS 4.0
2.4
EPSS
0.2%
CVE-2024-55082 HIGH POC This Week

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-12121 MEDIUM This Month

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-52579 MEDIUM This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Misskey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-55089 MEDIUM This Month

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Rhymix
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%
CVE-2024-55088 HIGH This Week

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF CSRF Getsimple Cms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-55086 HIGH This Week

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Getsimple Cms
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-9624 HIGH This Week

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-54385 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.0.83. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

SSRF
NVD
CVSS 3.1
7.2
EPSS
83.7%
Threat
5.5
CVE-2024-54330 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.1%.

SSRF
NVD
CVSS 3.1
7.2
EPSS
63.1%
Threat
4.8
CVE-2024-11836 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-55875 Maven CRITICAL POC PATCH GHSA Act Now

http4k is a functional toolkit for Kotlin HTTP applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE XXE Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-54197 HIGH This Week

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-47578 CRITICAL Act Now

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-48874 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reyee Os
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-6784 HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-45206 MEDIUM This Month

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Veeam Service Provider Console
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2024-54000 PyPI HIGH PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-53738 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Server Side Request Forgery.3.9.8. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-53983 npm MEDIUM PATCH This Month

The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35451 MEDIUM POC This Month

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Linkstack
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-32965 npm HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source, AI chat framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
8.6
EPSS
23.7%
CVE-2024-6538 Go MEDIUM This Month

A flaw was found in OpenShift Console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-9710 HIGH PATCH This Week

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Posthog
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-11618 MEDIUM This Month

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-38645 CRITICAL Act Now

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Notes Station 3
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-52598 HIGH POC This Week

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS 2fauth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-47208 CRITICAL Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Code Injection Apache RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-5917 LOW Monitor

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Paloalto Pan Os
NVD
CVSS 4.0
2.1
EPSS
0.5%
CVE-2024-11168 MEDIUM This Month

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-49521 HIGH This Week

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2024-47590 HIGH This Week

An unauthenticated attacker can create a malicious link which they can make publicly available. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51785 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.0.22. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-10814 MEDIUM This Month

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
EPSS 0% CVSS 4.0
MEDIUM This Month

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Redis +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Dynamics 365 Sales
NVD
EPSS 4% CVSS 8.2
HIGH PATCH This Month

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE Suse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Aspera Shares
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 2.6
LOW POC Monitor

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

imgproxy is server for resizing, processing, and converting images. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Multiple Page Generator Plugin - MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Multiple Page Generator
NVD
EPSS 0% CVSS 3.8
LOW Monitor

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Contact Form Builder
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core - Simple Comment Editing allows Server Side Request Forgery.0.33. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz allows Server Side Request Forgery.3.2.9. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Activity Plus Reloaded For Buddypress
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

A server side request forgery vulnerability was identified in Kibana where the /api/fleet/health_check API could be used to send requests to internal endpoints. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Kibana
NVD
EPSS 0% CVSS 2.5
LOW Monitor

BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.5). No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Aipower
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE SSRF Ambari
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Ranger
NVD
EPSS 0% CVSS 8.6
HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF A Hrd
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Otcms
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Matrix Media Repo Suse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Gomatrixserverlib is a Go library for matrix federation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic has been found in wuzhicms 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Wuzhicms
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.0.2 through n/a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mysiteforme
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH Monitor

TYPO3 is a free and open source Content Management Framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect SSRF Typo3
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.8.56 through 5.11.23. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Month

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Backup
NVD
EPSS 48% CVSS 8.8
HIGH This Week

Microsoft Purview contains a server-side request forgery vulnerability that allows an authorized attacker to access internal network resources and disclose sensitive information. The SSRF enables reading internal service responses, accessing cloud metadata endpoints, and potentially pivoting to internal infrastructure.

Microsoft SSRF Purview
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress SSRF +2
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Bookstore
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM Monitor

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware SSRF
NVD
EPSS 43% CVSS 9.1
CRITICAL This Week

I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.

SSRF PHP
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.9.14. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.0.14. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Mysiteforme
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM Monitor

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

GoCD is a continuous deliver server. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SSRF Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Broken Link Checker
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Security Guardium
NVD
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

SSRF Java
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Misskey
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Rhymix
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF CSRF Getsimple Cms
NVD
EPSS 0% CVSS 7.2
HIGH This Week

In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Getsimple Cms
NVD
EPSS 0% CVSS 7.6
HIGH This Week

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
EPSS 84% 5.5 CVSS 7.2
HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.0.83. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

SSRF
NVD
EPSS 63% 4.8 CVSS 7.2
HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.1%.

SSRF
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plextrac
NVD
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

http4k is a functional toolkit for Kotlin HTTP applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE XXE +1
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reyee Os
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure +19
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Veeam Service Provider Console
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mobile Security Framework
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Server Side Request Forgery.3.9.8. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Linkstack
NVD
EPSS 24% CVSS 8.6
HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source, AI chat framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was found in OpenShift Console. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Posthog
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM This Month

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL Act Now

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Notes Station 3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS 2fauth
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Code Injection Apache +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Paloalto Pan Os
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
EPSS 1% CVSS 7.7
HIGH This Week

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An unauthenticated attacker can create a malicious link which they can make publicly available. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.0.22. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
Prev Page 18 of 32 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy